… there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google.

There seems to be two kinds of hackery going on, just like I’ve described:

1. Inserting “invisible” HTML full of links (for NSFW sites) into your WP template that isn’t obvious when you go to your blog, but is VERY obvious when you look at the source code (and start seeing that you’re getting traffic for some “peculiar” terms).

2. Inserting whole new source code / new sneaky themes that copy other blogs / content *exactly*, which is full of spammy content and affiliate links.

(Vulnerable WordPress Blogs Not Being Indexed > Massive Blog Hackery Exposed > TailRank Exposes Massive Number of Blogs Hacked) It seems like if you’re running WordPress, it’s advisable to upgrade to 2.5 (which was relatively painless) as well as checking the actual code of your theme…