If you’ve bothered coming round these parts lately, you’ll have noticed that things were loading excruciatingly slowly, a problem for which I was starting to blame my hosting provider. But this morning, for whatever reason, I decided to take a look at my code and see whether one of the scripts I’m running in the background here might be responsible.
And lo but the source code for my index page had a buttload of spam links embedded in it. And so I set about searching through my PHP, trying to figure out which file was generating these links.
Both index.php and wp-content/themes/MY THEME/header.php appear to have been hacked, with a very long bit of base64 code embedded in them, which was apparently what (a) was generating the links, and (b) was causing the page to load so slowly.
But there are also a few mystery files that have popped up in my directories, about which I can find no information online. I’m waiting on a response from my hosting provider’s support folk, to see if one of these files belongs to their one-click install process. If not, I may have to do a fresh WP installation, just to be sure that nothing else has been compromised.
And of course, the ritual changing of passwords.
So, word to the wise: if you’re running WP, and things seem to have gotten oddly slow, it might be worth a sec to check your source code.
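One way to run that check across a whole install, as an added example that is not part of the original post: the script walks a WordPress directory and flags any PHP line carrying a very long base64 run, like the ones found in index.php and the theme's header.php. The 200-character threshold, the list of decoder functions, the `example-theme` name and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a run of 200+ base64 characters on one line counts as "very long".
MIN_RUN = 200
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN)
# Real PHP functions often used to unpack and run an embedded blob (assumed here).
DECODERS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(")

def scan_file(path):
    """Return (line number, longest blob length, decoder names) per flagged line."""
    findings = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        longest = max((len(m.group()) for m in B64_RUN.finditer(line)), default=0)
        if longest:
            names = sorted(set(DECODERS.findall(line)))
            findings.append((lineno, longest, names))
    return findings

def scan_tree(root):
    """Walk a WordPress root; map relative path -> findings for each .php file."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_file(path)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_site(root):
    """Constructed sample: two tampered files and one clean file."""
    blob = "QUJD" * 100  # 400 characters of harmless constructed base64
    root = Path(root)
    theme = root / "wp-content" / "themes" / "example-theme"
    theme.mkdir(parents=True)
    (root / "index.php").write_text(
        "<?php\neval(base64_decode('%s'));\nrequire 'wp-blog-header.php';\n" % blob)
    (theme / "header.php").write_text("<html>\n<?php $x = '%s'; ?>\n" % blob)
    (theme / "footer.php").write_text("<?php wp_footer(); ?>\n</html>\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, hits in scan_tree(build_sample_site(tmp)).items():
            for lineno, length, names in hits:
                print(f"{rel}:{lineno}: {length}-char base64 run, calls: {names or 'none'}")
```

To scan a real site, call `scan_tree()` on the install's root directory; a flagged line is a lead to inspect by hand, not proof of tampering.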