If you still have the old version of WordPress deployed, remember your site can be easily hacked because of known exploits. The hackers may or may not have a lot to gain by injecting malware or spammy links on your website but if you own the website, it could be your worst nightmare.
A spammed website will most likely be ignored by search engine crawlers resulting in dropped rankings. In fact, Technorati is totally junking the older versions of WP from its system.
Sites like Security Focus are publishing a bunch of hacks possible on older versions of WordPress. So before you get mugged by a script kiddie, take the necessary action.
Lets say one fine day you wake up and realize your blog has been a victim of such an attack, what do you do?
I have collected some information from disparate resources that might help you get your blog back on the track.
A. Upgrade Now!
From the WordPress perspective, you should upgrade ASAP. I was able to upgrade TechBanyan in less than 15-20 minutes. I see absolutely no reason why you should delay the upgrade for even a single day. Take a look at my simple straight forward tutorial and if you have any questions, I’ll be happy to answer.
To give you an idea of how vulnerable older WP versions are, just copy paste this URL in your browser. Substitute it with your site name –
In the older versions of WP, one can easily see all the plugins you have installed. (Unless you went the extra mile of changing permissions of your directory structure). These plugins themselves sometimes offer an exploit which the hacker can use to insert garbage on your website.
B. Change your passwords
If your site was compromised when you were on an earlier version of WP, the hacker can still access the site even after you upgraded. Basically its a good idea to change your passwords every month or so.
C. Manual Scan
Scan your directory structure on the web host. There was an exploit not too long ago using which the hackers created a folder called ‘1’ under the wp-content folder. Check out Google index for the same from here.
The above points are courtesy Matt Mullenweg.
Google has some additional tips for webmasters to get their sites back on track once it is infected. They highly recommend the website owner to take off the site in case it is compromised to protect the web surfers.
Also, one should periodically check the Google webmaster central to see when was the last time the site was indexed etc. In case Google takes down the indexing of your site, it should immediately raise a red flag and give you a pointer that something could be not right.
Check out detailed Google tips from here.