The article sums up his revealing analysis of how a Theme malware code integrates itself into your site, even down to the server level, through a twisting path of imaginative code. The code reminds me of insidious bombs featured in an episode of Star Trek: Deep Space Nine called “Houdinis.” The bombs vanished in and out of subspace, each less than a meter from another one in a grid. At any time it could appear and explode if it detected movement near it, surprising and killing the victims. This code has the ability to activate, create trouble, then erase its path, making it tough to detect, test, and eliminate.
The article also offers some tips and WordPress Plugins for checking your site for security vulnerabilities, as well as possibly test a Theme before you become too invested in it. There is no one full-proof, one step thing you can do yet, though there are many working on some advanced site armor and prevention tools which I will cover in an upcoming article on WordCast.
In general, use the built-in auto update feature to upgrade WordPress immediately when a mandatory security update is released, and upgrade Themes and Plugins.
Remember, prevention is cheaper and easier than dealing with a hack after the fact.
We live in “interesting times,” and I dream of the day when those who dance with the dark put their creative energy, discipline and determination into projects of light, peace, and joy…and that good would pay better than bad.
- Good Reasons to Upgrade WordPress
- Fighting Registration Spam in WordPress
- Are You Risking Your Blog With an Unofficial or Vulnerable WordPress Theme?
- Protecting Your WordPress Blog
- WordPress Security Prevention, Reactions, and Scares
- WordPress Blogs and More Hacked by Google Redirects
- Warning: Fake WordPress Malicious Site
- Web Hacks, Worms, Infections, and Viruses: Is Your Blog Prepared?
- Firewalling and Hack Proofing Your WordPress Blog
- Old WordPress Versions Under Attack
- Prevention: Protecting Your Online and Internet Security