YBO Interactive Blog

Using WordPress? If you’re looking for SEO improvements, checkout this excellent WordPress SEO Guide. It has quite a lot of good ideas for optimizing your blog, with the relevant plugins. I would recommend doing most of it.

One of the things they didn’t mention is removing bloginfo(’name’) from header.php so that the blog name will not appear in the title of every single page on site. (If you are asking why, here is the answer)

In case you want to do it, all you need to do is edit header.php

change this code:

<title><?php bloginfo(’name’); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>

into this:

<title><?php
if ( is_single() || is_category() || is_tag())
{
wp_title(”);
}
else
{
bloginfo(’name’); ?> <?php wp_title();
}
?></title>

Warning: If your blog is active for a long time and has thousands of posts, I wouldn’t change the title for all posts. Google doesn’t like ‘big’ changes. In that case, I would change the title only from the current postId, so that next posts will be with no title and old ones stay untouched.

Google up inurl:wp-content/1/ [Warning: just google it up, don’t visit any of the site in the search results. They are full of activeX viruses!]. This is what I see now:

What you see is a list of sites that were hacked through the latest WordPress Vulnerability that allows hackers to insert spam into your blog.

This is just great. WordPress is the most common blog software out there, and at this minute there are over 90,000 website that were spammed (still counting…) I’m sure that most of these sites owners never heard of this exploit and some of them will probably never will. The damage is enormous. This exploit made them look like spammers in Google eyes, and Google like Google - She never forgets anything. If you are a spammer, you are out of the index in one second.

In my opinion, the best way to deal with these hacks is Active Network Scanning. This kind of services are usually provided by an external company that scans your site for vulnerabilities on a daily basis (like Hacker Safe, but better). Once a new vulnerability is discovered to the world, it is automatically added to their scanning system and is tested on your site. This can definately help you sleep better.

Life shows that there is no way your web site can be safe. It is just the nature of software that it is full of holes. If only you scan your website for vulnerabilities, at least you know about it on time and hope there is something you can do about it…

Important comment: if you are not in this list, it does not mean that you are safe. There are lots of other URLS that were used for this attack… This IS fun!

update: (April 12 2008): Checked again the list, and it seems like most of the hacked pages were removed from Google’s index. It DOES NOT mean that the vulnerability is fixed, it just means that Google had identified that these pages as pages that should be ignored and removed from the index. This is semi good news for those that were hacked and afraid their ranking will go kaput. Just semi because they are still vulnerable and will surly be attacked again in the next wave…

It seems like the number of WordPress vulnerabilities is growing constantly. The most popular blogging software that exists is becoming a huge security hole. In fact, this post is written with Wordpress and it feels less secure than ever. This makes me think about moving my blog to blogger or wordpress hosting site, instead of fighting the patches on my own server.