Home / Security / WordPress Self Hosted Blogs Under Attack


WordPress Under AttackThere have been a number of reports about a WordPress hack affecting self-hosted WordPress blogs. The hack seems to affect WordPress 2.9.2, the latest version of the blogging platform.

The attack leads into an infection chain that leads to various Malware, including a rogue antivirus which we written many articles about here.

Facts about the recent hack

  • Several WordPress blogs running the latest official version are currently successfully compromised.
  • Attackers either manipulate the blog to spread Malware (more recently) or to cloak links that are only visible to search engines.
  • It is currently not clear how the attacks are carried out.
  • Some pointers are given on how to disinfect a blog.

WordPress webmasters should check their blogs immediately to make sure that it has not been compromised yet. A WordPress plugin like Antivirus might also help in preventing a successful attack.

How to protect your self hosted WordPress blog

You can download the Antivirus plugin here.

AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections.


  • WordPress 2.9.x ready
  • Detect the current WordPress permalink back door
  • Quick & Dirty: activate, check, done!
  • Manual testing with immediate result of the infected files
  • Daily automatic check with email notification
  • Whitelist: Mark the suspicion as “No virus”
  • English, German, Italian, Persian

In addition to the Antivirus plugin, you should also install the Login Lockdown plugin here.

Login LockDown records the IP address and time stamp of every failed log in attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the log in function is disabled for all requests from that range.


About the author: Frank Jovine


The idea for Tech Jaws and most of the look of the site came from Frank’s mind – a place you wouldn’t want to vacation. Frank takes his run of the waters up North, and has been building successful web sites for years. He’s a regular within social communities like Facebook, Twitter, StumbleUpon, Reddit and Digg. His favorite appetite for tech savvy web sites include, TechCrunch, ZDNet, and helping members in Yahoo Answers in the Computer category.


Recent posts in Security



  1. Thanks Frank, I installed the recommended plugins.

  2. Already using login lockdown, but also installed the antivirus. Thank you so much!

  3. Thanks Frank! Working on getting all this in place!

  4. WordPress said that it was Network Solutions fault for not preventing users sharing the same server from accessing the other users content.

    • Brad,

      The source was NetSol, but that doesn’t mean hackers won’t try to compromise other WP 2.9.X blogs. I seen this too many times. It is best to be safe than sorry.

  5. I have had Login Lockdown installed from the second week I had my blog. Time to get the Antivirus plugin. Thanks for the tips!

  6. Thanks for sharing this information, I’m going to check my 2 WP blogs with Antivirus plugin.

  7. Tini | SEO and Blogging

    It’s under attack like seriously? The only attack I am getting is the thousands of spam comments. Thank goodness for moderation.

  8. Getting my site hacked is one of my biggest fears. Didn’t even think about looking for a Word-press anti-virus plugin! Cheers mate.

  9. Thank you for the information and for mentioning the quick solution to it. Apart from Antivirus and Login Lockdown plugins, you might want to consider changing permissions for various important folders and files in your WordPress installation.

    I have a done a post for changing the permissions of some important wordpress folder which might help: Secure WordPress blog in 5 minutes

  10. Thanks so much Frank! And – this is a good time for me to get rid of the WordPress installations in the sites I started and abandoned last year. :)

  11. How interesting. I didn’t upgrade to 2.9.2 because it wasn’t an upgrade for an exploit, and now I’m glad I decided against it.

  12. My wordpress blog was hacked just a few days ago (4th April), I wish I had installed the anti virus before my blog had got hacked.

    Anyways, I am installing it right now to prevent from any future attacks. Thanks

  13. Thanks Frank for the advice and the plugins. I’ll try those.

    I just got one of those attacks on a blog few days ago : massive injection of malicious javascript code in almost all the standard WordPress .js files. The threat is real !

    I’m still searching about the entry point on this attack, and I have two leads : a virus on the PC which could have used my ftp client, or a weak file system security from my hosting provider (as Matt wrote about http://wordpress.org/development/2010/04/file-permissions/).

    I have cleaned up the site, and posted an article (in French :-)) about it. http://fanta78.lasnespace.com/2010/wordpress-attaque-mon-blog/

  14. I have implemented this on many of the sites, but one in particular Trade Show Improvement dot com continues to state danger in several places. If someone doesn’t know php all that well, what are their options?

    Scan shows – there is no virus but has several lines that say see line..such and such

    <?php require(WEBTREATS_INCLUDES . "/sitemap-content.php");

    Any thoughts?