I have been up to speed on all upgrades, all within 24 hours of release and never over 48 hours. So I am not suggesting the issue is/was related to WordPress, but the only common component of all the sites that were hacked was WP. The way to identify if your site is hacked is to Google the name or a keyword that will pull your site in the SERP, if in the list of names your site appears with a name other than what you have set it to be (in my case it turned out to be Cheap viagra) then you know you are in trouble. One other thing I noticed is that it prevents one from uploading images or media via the built in WordPress Upload/Insert feature while writing or editing a post/page.

The only thing I found that I do not recall adding is an “addhandler php4-script .php” tag in my .htaccess file. Not sure if that was the source of the exploit but I did restore the htaccess files to the original (pre-hack) state and hope for the problem to go away.

If you find you site has similar issues then look in the htaccess file (if you have one) for something like “addhandler php4-script .php”, there is no way for me to tell that is the problem but there seem to be no issue with deleting that line from the file. Hope it helps, leave a comment if you know more on this topic or have had similar experience.

1. Copy your code (HTML or PHP or whatever else) and paste it in the Postable post area (which at first will read “For your copy-and-pasting pleasure.”).
2. Click the “make me friendly” button
3. The code is converted to characters, for example < will be converted to & l t ;
4. Copy the characters and past it on your blog post or comment within code tags
5. That’s it.

In order to demonstrate how it works, I have copied and pasted a piece of code from one of our latest themes below using Postable conversion:

<?php if (have_posts())  >
<?php $postCount=0; ?>
<?php while (have_posts()) : the_post();?>
<?php $postCount++;?>
<div class="entry entry-<?php echo $postCount ;?>">
<h2 class="entry-title"><a href="<?php the_permalink(); ?>" title="<?php the_title(); ?>" rel="bookmark"><?php the_title(); ?></a></h2>
<p class="meta">
Posted <?php the_time('m.d.Y'); ?> at <?php the_time('g:i a') ?> in <?php the_category(', ') ?><?php if (function_exists('the_tags')) { ?><?php the_tags(', ', ', ', ''); ?><?php } ?> received <strong><?php comments_popup_link('Have your say »', '1 Comment »', '% Comments »'); ?></strong>.
</p>

The code is then displayed in a format that can be copied and pasted and never executed. Works fine to me!

Update: Two other tools of significant use are SimpleCode by Dan Cederholm which I have adopted as part of the comment form on this site and elsewhere and the user submitted Asciible converters!