I was cleaning a client’s site today that had been hacked, when I discovered a new backdoor implementation that I had never seen before. This one is a perfect example of why automated scans are often not sufficient when cleaning up a hacked WordPress installation. You can see the full file here: 99bde887d.php.
The file was dropped into the theme that the client is using, and is coded to mimic a core WordPress file, using some of the same function names and coding conventions that WordPress itself uses. It is designed so that most people opening it and actually looking at the code would still not notice that it was anything malicious. I have seen enough back doors though that even creative ones will often stand out to me. It is definitely not something that would be picked up with any of the existing scripted scans out there. While of course someone can update their plugins or scripts to include specific strings to look for that this file contains,
Adding images to your blog posts can make them much more visually appealing to your readers. This in turn can increase the likelihood that someone will link to that post or subscribe to your feed, which will of course in the long run help to improve your rankings and traffic. The internet is chock full of images, many of which will fit perfectly with that blog post or article that you are writing. The problem is, however, finding images that are both high quality and that you are actually allowed to use.