This blog and another I own were affected by a recent hack that redirected traffic to the attacker’s site. It turned out that my hosting provider, Media Temple, already knew about this happening to sites on their Grid Service and had posted the steps to clean things up.

What still isn’t clear is how the exploit worked. It had inserted a cross-site script in the content field for every post in the blog. In other words, it put something in the database. Not good.

Did the attackers exploit a WordPress vulnerability? Or was the Grid Service vulnerable in some way? It seems that Media Temple is suggesting the former, but then why does their Grid Service seem to be the sole target (I have other blogs on their Dedicated Virtual plan that weren’t affected)?

As Microsoft discovered with Windows, being the market leader also means being the juiciest target for hackers. There have been a few high profile incidents recently where WordPress/Automattic and hosting providers ended up pointing fingers at each other and while developers probably realize that the WordPress team has more credibility on the technical issues, ordinary users don’t know who to believe.