Talking about WordPress.
As you should know if you are an old-time reader, this blog has been hacked several times with malicious script injection.
I tried to secure the blog in every possible way without any luck.
Finally, I think I figured out what allowed hackers to exploit the blog. I use a custom theme built on an old version of the Silhouette theme by Brian Gardner.
As you can see from the link, the theme is no longer available for download, but I believe the file comments.php contains a vulnerability.
Here it is:
<?php
if (!empty($post->post_password)) { // if there's a password
    if ($_COOKIE['wp-postpass_' . COOKIEHASH] != $post->post_password) { // and it doesn't match the cookie
?>
to “”
-
on
comment_approved == '0') : ?>
Your comment is awaiting moderation.
comment_status) : ?>
comment_status) : ?>
Leave a Reply
You must be logged in to post a comment.