So I checked my site earlier today to find I had been hacked. Odd, since I’m pretty good with passwords, patching and scanning. Turns out not so good with the regular backups, so that’s a lesson learned.
The hack was via the rather vulnerable timthumb.php that handles image resizing in a lot of themes.
Fortunately, like with most things in life, there’s a WordPress plugin for that.
So if you’re running a WordPress site, you should install this and run a scan. It even updates the file(s) for you and flags any questionable files that have been placed on your server.
Or if you’re sensibly running a theme from the folks at WooThemes, then just make sure you’re running the latest version of their framework and all should be well.
Panic over. Carry on.
