WordPress blogs hosted on GoDaddy Hacked

Posted on April 27, 2010


This blog is hosted on WordPress.com, but I do have a self-hosted WordPress page. So I was horrified when I got this tweet this morning.

For either the second or third time, WordPress blogs have been hit with malicious code. Today’s security issue comes from an attack that causes users who find your blog on Google to be hit with a virus. Apparently, this only affects users who are hosted by a GoDaddy Linux hosting.

Here is GoDaddy’s comment (submitted by Herma Latha at inspriated.com):

Measures are in place to protect the overall security of the shared hosting server on which your website resides. The compromise of your account is outside of the scope of security that we provide for you. Virus scans are performed on the content that is hosted, but they may not pick up everything, largely due to the fact that hackers tend to upload custom scripts which are not picked up by traditional malware scanners. However, if a virus is detected, you will be notified. The overall security of your password and the content within your account is your responsibility, as password compromises and compromises due to scripting can only be prevented by you.

My blogs turned up okay. But WP Security Lock has become the go-to page for updates on the issue. The blog post with the latest information is here.

It looks like GoDaddy is also trying to find out how so many people were hacked. So they are working on the issue. That is one of the reasons my blog was really slow this afternoon.

It is becoming really clear that SOMEONE is targeting vulnerable WordPress blogs. So make sure you backup your blog and change your passwords. WP Security Lock also gives you 7 plugins to increase your blog’s security. They are free and you get them by subscribing to their newsletter. (Note: I get nothing from this. Just a satisfied customer.)

The linked page also gives you a step-by step for reclaiming your site and eliminating the code from your server. If you don’t want to do it yourself, WP Security Lock charges $100 to take care of it for you. As you can see by the comments on the page, it is worth it if you don’t have the time or knowledge to do it yourself.

Posted in: Computers, Internet