So 2.8 is out, But 2.71 is getting hacked and i can’t verify that 2.8 addresses the issue !
From what i see, it seems it is a SQL injection, Nothing for sure, but since the themes were not affected, it seems it is a SQL injection
What to do
First, if i were you i would not use wp_ as the table prefix, wherever possible, CHANGE IT to some other prefix, and preferably not a 2 letter prefix
Hacked can mean a more secure wordpress over time, but by that time, it would have developed the bad reputation for security vulnerabilities that PHPBB once had (And lost a market share due to), And prompted people to develop alternative software
As for me, i know of how many people just love the clean wordpress, and i will be developing a platform that is more secure (Hosted Wordpress), this way i don’t need to update my wordpress installations one by one, and most probably i will be giving the service away to those of you who want some managed wordpress.
The hacked websites i have seen today all have no posts (Posts were deleted), the the title of the website was “Hacked by xxx”
Anyway, let me go make that shared platform and let you guys know when it is ready !
Take care for now