Joho the BlogI've been hacked. Help? - Joho the Blog

I’ve been hacked. Help?

My WordPress account has been hacked.

JohoTheBlog’s RSS feed is showing up in NewzCrawler embedded in spam. Results at Google have begun showing up with spammy titles (“Buy Online, No RX (Prescription) Required! » Zoloft online stores”), with long, hacked URLs (

Googling around tells me that there have been similar-seeming attacks on WordPress accounts.This article is quite helpful. I found some odd cruft in my header.php, have changed passwords, and am stilling looking around.

Any other suggestions?

6 Responses to “I’ve been hacked. Help?”

  1. I highly recommend WordPress Exploit Scanner

  2. If I remember well, Brad Feld ( was blogging about a similar problem… and a solution. You may ask him.

  3. I found some stuff in index.php and header.php. My friend Brad Sucks scoured my site clean. Thanks for the help.

  4. I did it. Hahahaha.

  5. I noticed that was hacked earlier this year. I wanted to use because they offered no feeds, and couldn’t understand why that feed was consistently spam, but showed perfectly fine in my browser. I used wget, to see what I was getting in return, and it was nothing but spam. I changed my user agent, and still got it. Even Google was getting the spam cruft with their robot, so it was evidently driven by user agent. I let the webmaster know, although he didn’t believe what was going on. But he figured it out, and and things are now just fine.

  6. Scott Rosenberg’s advice got me out of this pit a couple of years ago.

Web Joho only

Comments (RSS).  RSS icon