I had built a couple of websites at a reseller account with a webhost using wordpress version 3.0.1 last year in september and then left them. I updated one of the websites to wordpress 3.1 too a few days ago with all plugins also updated. But today when I checked the websites I saw that there was spam inserted into the blog posts. I have been clearing the second website and removed the spam manually but you can see the spam in the second website at:
As you can see the hacker has inserted the links directly into the posts and when I edited the post from my admin backend then I saw there was no post revisions since September which would mean that the hacker did not insert those links from wordpress admin backend but must have done through some other way. These are not some of my biggest websites but I am very worried about the spam now as this was directly inserted into the posts even without editing the posts. Does anybody have idea as to how the spam content link and content was inserted into the post and how can I stop it from happening again. I tried using the wordpress antivirus, wp security and bulletproof security in the first website but the scans did not reveal any virus too. Both the websites were on the same reseller account at the same host and it has only happened in that webhost. Both the websites were also using themes from the same wordpress premium theme provider but his themes should not be a problem as he is one of the biggest theme providers online.
The common plugins used in both the websites are:
Google XML Sitemaps, Remote Images Grabber, SEO Friendly Images and SI CAPTCHA Anti-Spam.
I am not sure how and where this spam came from and got inserted inside the post contents. Please help and it would be highly appreciated.