
WordPress Adventure – NoScript Hack Solved

by Paul Kenjora on March 24th, 2008

I know this is a bit off the Django path, but as it affects all my fellow Django bloggers who use WordPress (any version), I figured I’d share. Over the past few days I noticed a lot of <noscript> tags with weird links embedded in my blog, just above the comments. Then today my most recent post was removed and replaced with a long list of <noscript> encased links. This tactic is used by spammers to artificially inflate engine rank. I’m surprised it works, but either way it’s a nuisance.

The Fix

The simplest and most effective way to fix the problem, after digging through the web to find a solution, is to remove the “xmlrpc.php” file from the WordPress directory. I renamed mine to some garbage name without a PHP extension and everything in WordPress seems to function OK. The drawback is that you will lose the ability to remote publish your articles to WordPress. It beats having to fight off spam daily and it’s not a critical feature (I’ve never used it). The official thread from WordPress on the <noscript> attack may have more info. Upgrading WordPress does not seem to solve the <noscript> problem. Again, hope this helps. Spread the word, spammers have no friends!
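To check which posts carry the <noscript> encased links described above, the following is an added example, not code from the original post or from WordPress. It assumes post bodies have already been exported as a mapping of post ID to HTML; the sample posts, URLs and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample data: post ID -> post body HTML (not taken from the blog).
SAMPLE_POSTS = {
    1: '<p>Notes on <a href="http://example.org/django">Django</a> forms.</p>',
    2: '<p>Hello</p><noscript><a href="http://spam.example/pills">pills</a> '
       '<a href="http://spam.example/casino">casino</a></noscript>',
    3: '<NOSCRIPT><a HREF="http://spam.example/loans">loans</a>',  # never closed
    4: '<p>Writing about &lt;noscript&gt; spam, see '
       '<a href="http://example.org/thread">this thread</a>.</p>',
}

class NoscriptLinkFinder(HTMLParser):
    """Collect href values of <a> tags that sit inside a <noscript> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0   # how many <noscript> elements are currently open
        self.links = []  # hrefs found while depth > 0

    def handle_starttag(self, tag, attrs):
        if tag == "noscript":
            self.depth += 1
        elif tag == "a" and self.depth:
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

    def handle_endtag(self, tag):
        if tag == "noscript" and self.depth:
            self.depth -= 1

def noscript_links(html):
    """Return the links hidden inside <noscript> blocks of one post body."""
    finder = NoscriptLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.links

def scan_posts(posts):
    """Map post ID -> hidden links, for every post that contains any."""
    hits = {pid: noscript_links(body) for pid, body in posts.items()}
    return {pid: links for pid, links in hits.items() if links}

if __name__ == "__main__":
    for pid, links in scan_posts(SAMPLE_POSTS).items():
        print(f"post {pid}: {len(links)} noscript-encased link(s): {links}")
```

Post 4 is not flagged because an escaped mention of the tag in the text is not an element, while post 3 is flagged even though its block is never closed.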
