Two days ago I went to visit the Ajar Productions main page and found that the blog feed was generating an error. In looking at the feed, I found there was a long and obfuscated <script> tag at the end of the file. In searching further, I found that the same script had been appended to nearly every page named ‘index’ on our webserver. My best guess is that this was a WordPress hack. So I spent quite a bit of time cleaning out the offending code from every page and adding about a dozen new security measures to the site. I think that the intended effect of the hack was to redirect traffic away from our pages, but I don’t know if it was successful. My apologies if anyone was redirected while visiting our site.

I found these links especially helpful in improving the security of the site:

• WordPress Security Tips | Wordprezzie
• Wordpress Security Tips and Hacks | Noupe
• 10 Steps To Protect The Admin Area In WordPress | Smashing Magazine