On my way home from work on Friday I received an e-mail from my web host. Apparently they had done a security sweep of all the sites they host and they found one bit of malware on my site. It was in the form of a .php file. I didn’t have a chance to look at the file because they had already removed it from my server. The file name wasn’t familiar to me so I’m certain I didn’t put it there. There was also no indication that there were any links to that particular file from anywhere else on this site either.
If you’re wondering if it’s a security risk to be on this site the answer is no. As far as I know, the WordPress installation wasn’t compromised at all. The real question is how did that one file even get onto my web server? It’s difficult to tell and my web host couldn’t answer that question when I phoned them. It could have been through an old-school FTP hack. They might have been able to get in through my web host control panel and then uploaded the file through that. Or it might have been something else that I don’t even know about.
Just to be sure, I’ve changed all my passwords relating to my web hosting, my web server, and my WordPress installation. Please continue to visit this blog, your security is number one concern.