The virus came back. Theobloggers has once again cleaned it up. I’m now trying to find the hole that let the varmint in.
For a few months, I allowed readers to subscribe to the site using the WordPress native “Subscriber” function, way down at the bottom of the right column. I turned that feature off when I got over 3,000 subscribers that all looked like spammers.
I couldn’t see much harm in sending them emails (and it seemed only fair to spam the spammers!), but I now wonder whether one of those used the subscriber feature to hack the site. After all, being a subscriber is but a checkmark in a box away from being an administrator.
Therefore, I’m deleting all subscribers — but not those who subscribed to emails using the “Subscribe to Email” feature at the top of the right column. It’s built on a different system and doesn’t seem to carry the same potential for hacking.
But it’s possible that I’ve deleted some legitimate subscribers. If you’ve stopped receiving emails, please re-subscribe via the “Subscribe to Email” feature at the top of the right column. I apologize for the inconvenience, but I’ve just got to kill this virus.
When I check my NoScript plugin status on your home page, I see that your site is requesting to run javascript from cackle.ru, along with several more normal sites. You might want to ask your hosting service about that.