Check for XSS Exploits
Matt Cutts, the head of Google's Web spam team, mentioned on his weblog today that you might want to check for XSS holes on your website, especially from "freeform text input such as search boxes." The search box is the classic case: the results page echoes whatever you typed back into the HTML, and if it does so without escaping, anyone can craft a link that runs script in your visitors' browsers. Scary, huh? It gets worse. Cutts mentioned that even large sites can have issues with XSS.
From the Cutts post: "If you've noticed that your rankings in Google seem to be affected, you might consider a few searches on your site to see if anyone has injected spammy or porn content on your site. If your domain was example.com, you might want to run a few queries such as [site:example.com porn] or [site:example.com biaxin] or [site:example.com viagra] to see whether you run across unexpected results."
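To make the search-box point concrete, here is a small added example (my own code, not from Cutts' post or anything on this page). It models a search handler two ways, one that echoes the query verbatim and one that HTML-escapes it, and a check that submits a harmless marker string and reports whether the page reflects it unescaped. The renderer functions and the marker are constructed stand-ins for whatever your site's search page actually does.

```python
import html

# Constructed stand-ins for a site's search results handler.
# The vulnerable one drops the query straight into the markup.
def render_search_vulnerable(query: str) -> str:
    return f"<h1>Results for {query}</h1>"

# The fixed one escapes <, >, &, " and ' before the query touches HTML.
def render_search_fixed(query: str) -> str:
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"

# A marker that is inert on its own but contains every character an escaper
# must neutralise. If it comes back byte-for-byte, the page is injectable.
PROBE = '"><xsscheck-7f3a>'

def reflects_unescaped(render, probe: str = PROBE) -> bool:
    """True if the search page returns the probe unchanged, i.e. the term is
    inserted into HTML without escaping (reflected XSS)."""
    page = render(probe)
    return probe in page

def escaped_form(probe: str = PROBE) -> str:
    """What a correctly escaped reflection of the probe looks like, for
    comparison when eyeballing a real response."""
    return html.escape(probe, quote=True)

if __name__ == "__main__":
    for name, fn in (("vulnerable", render_search_vulnerable),
                     ("fixed", render_search_fixed)):
        verdict = "REFLECTS UNESCAPED" if reflects_unescaped(fn) else "escaped"
        print(f"{name:10s}: {verdict}  ->  {fn(PROBE)}")
```

Against a live site the same idea applies: put a unique marker like the one above into the search box, then look at the response source (not the rendered page) for the raw marker versus its escaped form.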
Cutts made an addition to the post encouraging readers to change their admin password if they update their WordPress installation, as "sometimes hackers are smart enough to save your password and come back even after you've fully patched your system." Sounds like a good idea - for any database-driven site. Keep in mind that a new password only locks out someone relying on the old one; if they also left a backdoor file or an extra admin account, you need to find and remove that too. One commenter on the post referenced a simple little solution called Firewall Script which I've heard of before. It is advertised as stopping SQL injections, XSS, directory traversals and cookie poisoning. The solution sells for $120.00 US.