by muppetman 5434 days ago
Great writeup. It's clear, it's concise and it's not overly dramatic. Thanks for taking the time to write this up and share it.

I have invested a bit of time installing and tuning mod_security. I'd love to know how it'd have fared against this attack; probably it wouldn't have stopped the upload, but it might have stopped a lot of payload/control commands from working.


While it's concise and not overly dramatic, lots of people run WordPress on shared hosting. That generally means they don't have SSH access and the instructions are harder to follow... It needs a "for beginners" section on how to check and accomplish the steps.
Valid point.
I invest time in doing things like looking over any third party libraries for stuff like this, too. The quality of the average WordPress plugin is quite low, and I'm surprised we don't hear about issues like this more often.