Hacker News new | past | comments | ask | show | jobs | submit login

As soon as we detect malware, that info starts getting sent to various places (e.g. the safe browsing lists that browsers use). But the data can take a while to get everywhere; in this case, it sounds like it made it to browsers a little before webmaster tools. That's unfortunate, but in general we wouldn't want to hold off showing the info in the browsers for any reason, because more users would be infected.

It's a pain to get hacked, but on the bright side it will probably help you harden security in the longer run. Some quick, simple tricks (e.g. use an .htaccess file to make a whitelist of IP addresses that can access your /wp-admin/ directory) can give a lot of protection.




Wow a reply from Matt Cutts himself! _blushes_ :)

Thanks for the explanation, and it makes sense. One thing I would suggest is to update the docs to point this out!

"Please trust the warning over what Webmaster tools says as they might take a while to update".

Love the idea of the .htaccess for /wp-admin/, I'll make sure the WPEngine guys implement that for our site.

So sorry for this whole hoopla everyone, and thanks for the help.


Happy to try to help, and good point about whether we should update the docs.

P.S. This incident aside, nice job on the site--bootstrapping is cool, and I like the idea of lo-fi mockups that are quick and easy to make.


Thanks for the feedback. I'll pass it on.

And good luck with fixing the hack!




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: