So, drugs I lied. Sorry about that. I didn’t know I was lying. In fact, more about I thought I was telling the truth. However, more about I’ve since discovered that my blog was, in fact, hosting malware. See, I was still running WordPress 2.2.2 (the current version is 2.5.1) because I knew that I had plugins that would break if I switched to a newer version of WordPress. (WordPress is the back-end software that runs my blog.)
It turns out that when WordPress developers said there were security fixes in newer versions, they weren’t kidding. Somehow somebody has been able to gain access to my blog to insert hidden frames that download malicious content to people’s computers.
At the database level, I’ve removed every instance to the iframes that cause the problem, I’ve removed every reference to <noscript>, which is another way hidden content is injected into pages, and I’ve checked for any outgoing links to the server that was the target of the injection.
At the software level, I’ve upgraded to the latest version of WordPress, which caused some plugins to fail. I haven’t had time to diagnose all of the plugins yet, but I know for sure that my image-based headlines no longer work with WordPress, so I disabled that plugin. If you find other ones that aren’t working like you expect, please contact me.
At the admin level, I’ve changed my login credentials for WordPress, plus I’ve changed my database credentials; hopefully this will ensure my content remains secure from future injections.
I’ve notified Google of the changes I’ve made, and I’ve requested that they review my site to see if it is safe to browse again. (I’ve cleaned everything, so I know that it is.) Hopefully I’ll be off their black list soon!
In the next few weeks, I will be upgrading all the plugins to the latest versions, and I’ll probably be changing my theme (to a widget- and tag-friendly version), so you’ll be seeing some changes. In the mean time, I’ll keep working on ensuring my server is safe for all my visitors!
Thanks for your patience!