the myIT blog

Malware on a Wordpress site? Say it ain't so!

Recently my wife was trying to view a website for a local business and her Google toolbar stopped her cold. She emailed me from her office and asked my opinion. I said "don't go there".

Malware. Google says proceed at your own risk.

So cranking up a guest account on a chromebook I went to investigate. I can safely ignore these types of errors on this type of device. The worst thing that could happen is it takes me to an undesirable place. Both my home and work firewalls have snort and content filtering so I threw caution to the wind and dived in.

In looking at the source of the page it was some kind of page tracker, referencing someone's UA code for Google Analytics. The link source was "". It was a wordpress site. Enough said. I see this kind of nonsense all the time. Why are you using an adult business firm (ahem, porn redirector domain) to help you track pages? 

Actually, those porn operators probably know a lot more about tracking pages than anyone else, but, it might not be good for every business. 

One of the reasons I like the newer sites (Tumbler, squarespace and the like), admittedly this is a basic Squarespace site I imported from Wordpress after coming to the realization the incessant security patches and quality and trustworthiness of plugins were JUST NOT WORTH IT, is that the framework is all very much hardened. It's both mobile friendly to users and admin, and very google friendly for analytics, webmaster tools and also to us Google Apps users (calendars, forms, etc.). 

Webmasters, especially Wordpress webmasters, never want to hear this. It makes them dispensable. When my hosting application provider is also the "author" of the code that runs my site and that same company is also scanning their framework to ensure it does not fail security checks and that its html code it prodcues does not offend any sensibilities, it makes me worry less.

Of course, I can always inject some code that, but since my provider allows me to simply put in my analytics code and all my social network stuff I don't have to include plugins that start redirecting our customers to "hardcore porn images of the latin persuasion".

If I all knew was wordpress, I guess I could add a security scanner plugin to scan my plugins. I wonder who poorly coded that though...