Site Compromised! "Disreco"

I just wanted everyone to know that your WP blog can be compromised by something that redirects to disreco.com (do not go to that link!). For a month or so, people had been having trouble visiting my site and even I had these strange warnings at the top of the screen that told me I needed to download more plugins to view the page – not true, because my site is a simple blog site and I have nothing on it which would prompt that.

Anyway, a few weeks later and people were informing me that Internet Explorer would not allow them to view my site because it gave them a warning about it being malicious and had been reported to Microsoft. Then last night, another warning came up on Google Chrome saying my site was malicious “due to including elements from disreco.com”. Immediately, I did a search on that word and within minutes, found that my WordPress code had been hacked and that there was malicious code embedded somewhere in my ‘Header’.

I found the ‘echo – redirect/disreco.com’ (something like that) at the very top of my code on the ‘Main Index’ section, took it out and the warnings from IE and Chrome disappeared.

I have no idea what caused it, who put it there, or how they did it, but it’s scary! Someone was able to manipulate my code, which means they could have taken full control of my site. To anyone out there using Firefox, I recommend you also try viewing your blog in IE and Chrome. Firefox did not warn me of any of this and I would never have known if other people hadn’t told me.