
February 10, 2012

Increased WordPress Hacks.

We have recently been seeing an increase in the number of hacked WordPress installations. One of the largest causes of sites being exploited has been outdated “theme” files containing the tool “TimThumb”. An explanation of the exploit can be found here.

We recommend that anyone whose theme was built from a pre-canned template install and run the plugin “TimThumb Vulnerability Scanner”. It takes a second to install and can quickly plug a very easy security hole in your site.
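For sites where installing a plugin is not an option, the same inventory can be taken from the command line. The script below is an added example, not the plugin's code: it assumes a TimThumb copy carries a `define('VERSION', ...)` line and the word "TimThumb" in its file name or header, and the minimum version is a value you supply from the current TimThumb release.

```python
import os
import re
import sys

# Assumption: a TimThumb copy declares its version as define('VERSION', 'x.y').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9]+(?:\.[0-9]+)*)['\"]")
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)


def as_tuple(version):
    return tuple(int(part) for part in version.split("."))


def scan(root, minimum):
    """Return sorted (relative path, version or None, status) for TimThumb copies."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read(1 << 20)  # read at most 1 MiB per file
            except OSError:
                continue
            named = bool(MARKER_RE.search(name))
            match = VERSION_RE.search(text)
            # Renamed copies (thumb.php etc.) need both the marker and a version line.
            if not named and not (match and MARKER_RE.search(text)):
                continue  # e.g. a template that only links to timthumb.php
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if match is None:
                findings.append((rel, None, "review: no version found"))
            elif as_tuple(match.group(1)) < as_tuple(minimum):
                findings.append((rel, match.group(1), "outdated"))
            else:
                findings.append((rel, match.group(1), "current"))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    # Usage: python find_timthumb.py /path/to/wp-content <minimum-version>
    if len(sys.argv) != 3:
        sys.exit("usage: find_timthumb.py <wp-content dir> <minimum version>")
    results = scan(sys.argv[1], sys.argv[2])
    for rel, version, status in results:
        print(f"{status:28} {version or '-':8} {rel}")
    sys.exit(1 if any(s != "current" for _, _, s in results) else 0)
```

The non-zero exit status when anything is outdated or unversioned makes the script usable from a weekly cron job.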

Another plugin we recommend for sites that have been exploited is “Exploit Scanner”. This plugin is not for the faint of heart: it searches every file on your site for matches against the most common known exploits. If you are not sure what you are doing, do NOT just delete the affected files; instead, contact a trained professional who can handle this for you.

Unfortunately, most hosting companies maintain a hands-off approach when your software is exploited. It's usually up to you or your IT service provider to clean up and patch the damage caused. Always make sure that all of your themes, plugins, and WordPress add-ons are up to date. Most modern WordPress systems can be updated automatically with the click of a link. Check once a week (or sooner) to make sure that your software is up to date.