WordPress is a fantastic platform, with an excellent plugin mechanism and the most usable admin interface I have seen. I know and have used several others including Joomla, Zope, Drupal, and old stuff you may not have heard of. The problem with being popular, though, is that you are likely to be the target of more attacks. There’s a strange pharmaceutical spam attack out there, and it got me too. I first found out about it when Google emailed me with a possible hacking notice. Links like /valium-high were appearing in the Google results for this site, yet when I tried the links they gave me a 404 (page does not exist) result. The sneaky thing is that the hack is cloaked: the link /valium-high did in fact work, but only if accessed by a search engine spider (or search bot / Googlebot). So Google sees a strange page selling valium, whereas regular visitors see a boring “page not found”. Spammers use these techniques to help their own strange pages rank in Google.
Using “Fetch as Googlebot” in Google Webmaster Tools allowed me to confirm the cloaking issue. To work on cleaning the hack, and to simulate a search crawler without publishing my tests live on my domain, I set the site up on my own server and tested it with a search engine crawler simulator on a custom subdomain.
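The check described above, requesting the same URL once as an ordinary browser and once as a search crawler and comparing what comes back, is easy to script. The following is an added example, not code from the original post: the browser and crawler user-agent strings are assumed, and the sample responses near the bottom are constructed to mimic the symptom the post describes (a 404 for visitors, a pharma page for the bot) so the comparison can be exercised offline.

```python
"""Detect user-agent cloaking by comparing a site's response to a browser
with its response to a search-engine crawler.

Added example for this post; nothing here is the post author's own code.
The user-agent strings and the sample responses are assumptions.
"""
import difflib
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# Assumed user-agent strings. Use whatever crawler token you want to test for.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


@dataclass
class Response:
    status: int
    body: str


def fetch(url: str, user_agent: str) -> Response:
    """Fetch `url` with the given User-Agent.

    HTTP error responses (such as the 404 visitors saw) are returned as data
    rather than raised, because the error page is exactly what we compare.
    """
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return Response(resp.getcode(), resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return Response(err.code, err.read().decode("utf-8", "replace"))


def compare(browser: Response, bot: Response, threshold: float = 0.9) -> dict:
    """Flag cloaking when the status codes differ or the bodies diverge.

    `threshold` is the minimum similarity ratio (0..1) between the two bodies
    below which the page is treated as serving different content to the bot.
    """
    ratio = difflib.SequenceMatcher(None, browser.body, bot.body).ratio()
    return {
        "status_browser": browser.status,
        "status_bot": bot.status,
        "similarity": round(ratio, 3),
        "cloaked": browser.status != bot.status or ratio < threshold,
    }


def check_url(url: str) -> dict:
    """Fetch `url` as a browser and as a crawler and compare the two."""
    return compare(fetch(url, BROWSER_UA), fetch(url, BOT_UA))


# Constructed sample responses mimicking the post's symptom: visitors get a
# 404, the crawler gets a pharma landing page at the same URL.
SAMPLE_BROWSER = Response(
    404, "<html><title>Page not found</title><p>Sorry, that page does not exist.</p></html>"
)
SAMPLE_BOT = Response(
    200, "<html><title>Valium high</title><p>Order valium online today.</p></html>"
)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Live check against a URL you control, e.g. a test subdomain.
        print(check_url(sys.argv[1]))
    else:
        # Offline demonstration on the constructed samples.
        print(compare(SAMPLE_BROWSER, SAMPLE_BOT))
```

Run it with a URL on a test subdomain to compare live responses, or with no arguments to see the comparison on the constructed samples. One caveat: a user-agent check only catches cloaking that keys on the User-Agent header. Some cloaking scripts instead check whether the request comes from a known crawler IP range, which a request from your own machine never will, so a clean result from this script is not proof of a clean site; "Fetch as Googlebot" is more authoritative because the request really does originate from Google.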
After a lot of searching, including various scripts like lookforbadguys and advice on checking the database, I still couldn’t find the bad code. I gave up on forensics and just reinstalled a clean copy of WordPress (often the best recourse if you can’t find the hack quickly). It then took me a while to retrieve the few other files I needed (my theme, images, custom scripts) from the old install and make sure they were working correctly.
Since I was making updates, I finally brought this WordPress site up to date with a few changes to CSS to take full advantage of screen real estate. This humble template was less than 800 pixels wide. I am now using a 960 pixel grid which is a de facto standard on the web given larger screen resolutions. I hope you find it a little easier to read.