If you’ve got a self-hosted WordPress site, you use AddThis, WPtouch, or W3 Total Cache, and you updated your site within the last 48 hours, beware: you could ‘potentially’ have installed an infected plugin that gave hackers backdoor access to your site.
The guys over at Naked Security advise you to re-install those plugins, and as an added security measure I advise you to back up your WordPress site and database just to be safe.
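As an added example (not part of the original post or of any plugin's code), this shell function reports which of the three plugins named above have files changed within the last 48 hours, so you know which ones to re-install. The directory slugs, the WP_ROOT variable and the function name are assumptions.

```shell
#!/bin/sh
# Added example: list which of the plugins named in the post have files
# modified within the last N hours (default 48) under a WordPress install.
# Assumption: plugin directory names match the wordpress.org slugs below.
AFFECTED_PLUGINS="addthis wptouch w3-total-cache"

recently_changed_plugins() {
    wp_root=$1
    hours=${2:-48}
    minutes=$((hours * 60))
    for slug in $AFFECTED_PLUGINS; do
        dir="$wp_root/wp-content/plugins/$slug"
        # Skip plugins that are not installed on this site.
        [ -d "$dir" ] || continue
        # -mmin -N matches files modified less than N minutes ago;
        # one hit is enough to flag the whole plugin.
        hit=$(find "$dir" -type f -mmin "-$minutes" -print | head -n 1)
        if [ -n "$hit" ]; then
            echo "$slug"
        fi
    done
}

# Stand-alone use: WP_ROOT=/path/to/site sh this_script.sh
# (WP_ROOT is a hypothetical variable name used only by this example.)
if [ -n "${WP_ROOT:-}" ]; then
    recently_changed_plugins "$WP_ROOT" 48
fi
```

A plugin that shows up here is only a candidate for re-installation; a recent modification time does not by itself mean the copy is infected.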
The vast majority of you are alright, but those are some pretty popular plugins for WordPress. I wonder where the source of the breach came from. What I know for sure is that a proper backup policy and some added security for your blog are a solid investment for rainy days like this.
Completely protecting yourself may be impossible, but you can drastically reduce your potential exposure by:
1) Backing up your WordPress site after every post, so that you can restore your data easily if there is a breach.
2) Using 2 different passwords and usernames for your WordPress login and your web host login. For instance, my usernames for NearlyFreeSpeech and WordPress are different.
3) Consistently using the latest version of WordPress. Although it would have saved you from this one, and the procrastinators usually don’t get any ‘new’ problems, upgrading WordPress versions ensures you’re not leaving your site exposed to vulnerabilities that WordPress has already announced and fixed. Those are vulnerabilities everyone knows about!
4) Downloading WordPress plugins only from wordpress.org.
These 4 items will allow you to secure yourself from hackers. Although if these guys can hack everything from government cables to government websites, I don’t see how the average Joe can protect himself from hackers. All you can do is ensure you’ve got a backup stored securely somewhere to reclaim your website and bring it back up 🙂
[image courtesy of http://www.flickr.com/photos/modrak/169802213/sizes/s/in/photostream/]