I’ve actually written on this topic a little bit on my blog recently in the post, Web Security in the Web 2.0 Age

There’s also a good blog post on your theme on Vaclav’s blog, Would You Give Me Your Password for a Candy?

The other side of not putting your information out there is not browsing websites that are going to infect your system. Unfortunately, the humble workhorse of Web 2.0, the WordPress blog (or any other blog for that matter) is a default vector of malware that cyber criminals can use indirectly to gain access to your info. If you accept comments or have a contact form, you’re vulnerable, or already hacked.

Until recently, most bloggers haven’t cared about whether they were already hacked or not. So long as you could sign in and post whenever you wanted, why would you care if unknown quantities of computers were infected by you. Besides, how many bloggers do we know who actually have the budget to contract IT consultants to clean up their code? I sure don’t have that kind of cash.

But now that Google is tagging all infected websites with the message “This site may harm your computer”, it’s a big problem for bloggers. Just imagine how fast your industriously-gathered web traffic would drop if Google tagged it?

So what’s the solution? Keep updating our WordPress platforms and crossing our fingers? I’m not really sure…