I received a notification from Google today that one of my posts contained “badware“. I didn’t find anything at first. But then I noticed that the content of the post contained an iframe that I didn’t add.

Apparently, it was injected at some point in the past due to running an older, vulnerable version of WordPress. I do a much better job keeping up to date these days but I remember a while back I used to go months on an older version.

Just a warning: keep your WordPress installation up to date to avoid these kinds of problems. Fortunately, only two of my posts were “infected”. You can check your old posts for the same problem by searching for “iframe”.