UPDATE:

No official patch but there is a fix for this now. You can find out  more here… – April 12th 2009

Unfortunately today i read some bad news as SC magazine (April 9th 2010) reported that indeed some WordPress blogs had indeed been hacked! A while ago did write about security and permissions, and this came after working finding a malicious theme that attempted to execute and hack into a WP site from the the themes functions.php.

It seems that Themelab aptly wrote an article called “Dirty WordPress Hack Going Around, Cloaked to Search Engines” , as they noticed there was indeed a vulnerability and potential for SQL injection, or in lay man’s terms “hacking“. The article is dated March 1st 2010, and at the time they noted that,

This particular hack uses some particularly dirty methods which include inserting spam keywords into your own content, which is probably to control your keyword density.

They also point to a trick known as cloaking to inject data into your content, but unfortunately, as is the case a lot of these things often get passed up until it is too late such as in this instance. This problem is affecting sites that are using version 2.9.x as well as older versions of WordPress

Here is the video they posted detailing the problem but check out the post for more details. This was March 1st 2010 and unfortunately for some WordPress users it did not end there.

After this point the blogs started to gradually go down, and as usual the first thing to do? Blame your host. However, it seems in this case the deeper rooted problem is not actually a poorly configurd ISP and as a result Network Solutions were prompted to make this announcement on April 9th 2010:

“The virus somehow infiltrates WordPress and adds a new file in your scripts directory called jquery.js and then inserts that file into the header or footer files of your site. It also inserts an iFrame that calls a 3rd party site which is known for malware or other malicious activities.” – Tech Cocktail via Network Solutions blog.

You can not even blame Network Solutions, as Tech Cocktail note they host their site at Mediatemple and the results were the same as they had their site hacked too.

1. So more than ever follow the best practices and common sense as you work with your site.
2. It may be a good time if you have never backed up your site to do so. Contact your ISP and see if they have a backup service that you could use.
3. CALL your ISP or developer, make sure they are ready and aware, if not make them aware. It could be a 5 minute call that spare a whole bunch of heartache and financial pain.
4. Make sure BOTH your files and your database are backed up.
5. Watch for any new plugin updates, i am guess there may be a few. Read the changelog for instructions or any changes you may need to make you stay safe.
6. Checkout the More info links, Network solutions do have some file permission changes you may want to look at to make sure your site is ok.
7. Follow my blog you will know if something else happens

More Information:

• Security Center Notice – SC Magazine WordPress Hacking notice.
• Network Solutions WordPress alert – Good Tips at the end of the article: READ.
• Hacked WordPress blogs cloaks search engines - Tech Cocktail
• Handling the WordPress Hack – updated by Christopher Penn
• Mediatemple Vulnerability notice - March 2nd 2010
• Hardening WordPress – Official WP Codex
• WordPress hardens release -  SC Magaines (October 2009)