As reported yesterday, one of my self-hosted WordPress sites, http://www.QueenOfKludge.com fell victim to a virus attack. The virus infected all of the .php files residing on the host server. (GoDaddy in my case). The site has now been rebuilt using Active Rain posts imported with Jeff Turner's excellent Import Active Rain Posts plugin.
I highly recommend visiting the WPSecurityLock blog http://www.wpsecuritylock.com/blog/ and reading all of the blog posts about this recent wave of attacks.
I got WPSecurityLock's eBook, too, which contains a lot of good information.
Here are a few more links with information about Losotrana:
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
http://mashable.com/2009/09/05/wordpress-attack/
(These articles mention older versions of WordPress -- but Queen was running 2.9.2 !!)
Please don't think I am dropping any of my self-hosted WordPress sites. I am not. And I am not moving off GoDaddy either (that would involve WAY too much time and effort right now) :-).
I am going to implement some of the security suggestions in the WPSecurityLock eBook.
Cheryl, so sorry to hear that. I have several dozen sites on Go Daddy. I think i should make a backup copy from time to time. good reminder.
Bryan,
Here are a few items on my battle plan: Download copies of all customized themes and plugins... Export all posts to a backup file once or twice a week ...
And check out this plugin: http://wordpress.org/extend/plugins/antivirus/
Yes, Even if godaddy hosts the site, it is a good idea to back up weekly. I attempt to remember to do it every Friday.