When WordPress 3.0 went live I immediately went through and updated both Vast Variety and my other blog, Foederati. I should have known better to be honest. There are almost always bugs and holes any new software package no mater who it comes from and what it does. I should have waited a couple of months and let them clean all that up. But no, I didn?t.
Now don?t get me wrong, I?m not unhappy with WordPress or 3.0. In fact I actually greatly enjoy many of the new features that it has. Unfortunately, even after about 5 years of web site design work and a couple of years of blogging, I still have much to learn about security.
Within the last week or so both sites had somehow gotten a malicious script uploaded to them, I believe through a security hole in a plugin. The script would redirect anyone visiting either site to a third party site I have no connection to and would then proceed to run malware on their computer. Fortunately I was able to figure this out pretty quick and remove the attacking code.
Unfortunately however, this has forced me to start from fresh WordPress installations for both sites. I do have almost all of the old posts and content and will be uploading them to both sites over the next few weeks, but it certainly means a lot of extra work. Oh, well, the price one pays for not paying attention to web site security. I am also doing a significant amount of reading, intended of course to correct any security holes I may have on the site.