My apologies for any emails over the weekend from my blog. It appears someone somehow got into my blog. This may shock you, but I can say that CloudFlare works. Because, little secret, Friday I turned it off. Mistake!
This is why I keep WordPress and any freely available script off of our company websites. I know many people like to have a blog for their site. I like sites that have blogs that showcase their services. I even wanted to make one for Trck.me.
The mistake is to have something that can have vulnerabilities on the same account as your important sites. If they were to gain access to your files, they could do big damage.
Now in my case it looks like they used a plugin bug to create a user account with publishing privileges. I’ve seen this kind of exploit mentioned numerous times in WordPress history. It may have happened to you. This kind of access means they were able to make posts, but they weren’t able to install software or whatnot.
In fact, one of my pet peeves is that this blog’s security doesn’t let me auto-install things. Now I’m way thankful! Imagine if they could have had access. Well, I guess they’d only be able to mess up my splash pages LOL, but it does make me realize all this auto stuff isn’t the best.
Anyways, it’s a good time for all of us to: get CloudFlare for your blog (or even forums), update all the plugins and themes you use, and delete all plugins and themes you don’t use. Many times people forget about the things they don’t use. Old plugins can have old exploits. So go ahead and delete them.
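A follow-up check for the kind of rogue account with publishing privileges described above, added here as an example and not part of the original post: it reads the CSV produced by `wp user list --fields=user_login,user_registered,roles --format=csv` and flags every account that can publish but is not on your own allowlist. The sample rows, the account names and the `audit_publishers` helper are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Built-in WordPress roles that carry the publish_posts capability.
# Custom roles added by plugins are NOT covered; extend this set for your site.
PUBLISHING_ROLES = {"administrator", "editor", "author"}

# Constructed sample in the shape of:
#   wp user list --fields=user_login,user_registered,roles --format=csv
SAMPLE_CSV = '''user_login,user_registered,roles
siteowner,2012-03-01 09:15:00,administrator
guestwriter,2013-06-20 14:02:11,contributor
helper,2014-01-05 10:00:00,"editor,subscriber"
wpsvc_8841,2014-11-08 03:41:27,author
newsletter,2014-11-08 03:44:02,subscriber
'''


def audit_publishers(csv_text, known_publishers, since=None):
    """Return (login, registered, publishing_roles) for every account that can
    publish and is not in known_publishers. If `since` is given, only accounts
    registered at or after that datetime are reported."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        can_publish = roles & PUBLISHING_ROLES
        if not can_publish or row["user_login"] in known_publishers:
            continue
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if since is not None and registered < since:
            continue
        findings.append((row["user_login"], registered, sorted(can_publish)))
    return findings


if __name__ == "__main__":
    allowlist = {"siteowner"}  # assumed: the accounts you created on purpose
    for login, registered, roles in audit_publishers(SAMPLE_CSV, allowlist):
        print(f"REVIEW {login}: registered {registered}, roles {roles}")
```

Run it against a fresh export after any suspected compromise, and pass `since` set to the start of the incident window to narrow the list to accounts created during it.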