My blog is increasingly getting hacked with hidden spam ads; I have to delete them every few days, and Google is threatening to drop my blog from their search engine. Apparently this is a common problem with WordPress. Well, today I notice that my archive.php file is now misspelled arhcive.php, and starts with “Merhabba my friend” (misspelled Turkish!), but I’m not computer-savvy enough to know what to do without making it worse. Any advice?
Usually comments get turned off on a post a week or two after it gets posted. Hardly any legitimate comments get added to a post after a certain point.
Get the newest WordPress version: 2.5.1
You appear to be running 2.0.2 which is at least a couple years and several versions old.
To Alex J.: I’m not talking about comments, I’m talking about hidden ads actually inserted into my code.
To Matt: My blog software is provided by Yahoo; they supposedly handle all updates automatically.
Are you sure about the auto updates? I’m not familiar with yahoo’s hosting service but some use automated scripts to install WP and other packages. Those scripts may update for you but it wouldn’t happen automatically. That’s dangerous. Moving from 2.0.2 to 2.5.1 may cause issues because a lot has changed since then. If possible I recommend setting up a 2.5.1 install somewhere, export the data from WP 2.0.2 and import it into 2.5.1. It may require some tweaking of the theme, etc.
Or contact Yahoo support about upgrading.
Will any of these links help?
http://www.theosquest.com/2007/03/24/success-upgraded-to-wordpress-212-on-yahoo-hosting/
http://wordpress.org/support/topic/178892
I certainly hope they will.
Yep, definitely update your version of wordpress. The latest version fixes these security holes.
You might find this useful
http://www.blogstorm.co.uk/how-to-use-google-alerts-to-find-out-if-your-site-gets-hacked/