I’ve been using WordPress for quite some time for my personal site and sites that I develop for my clients. I won’t get into the merits/virtues now, suffice it to say I find it extremely flexible and extensible. In my new job – more on this in a future post – I am lucky to work for a firm that feels similarly and we have used the platform to create a number of really great sites that extend well beyond what you may expect WordPress to be capable of. When combined we have 20+ years of experience with the platform and we have literally seen it all – at least so we thought – until last night.

As one of my many responsibilities I train and support our clients and make myself available around the clock to make sure that they are able to do what they need, when they need to do it. As onerous as it sounds, it’s actually a fun and fulfilling aspect of my job and helps me maintain a very customer-focused perspective. Last night I was watching Game 1 of the NLCS (go Phils) when I received two rather panicked email messages from one of our clients who is in the final stages of prepping her site for launch. She basically alluded to the fact that she was adding/editing some posts when she received a menacing message on her screen.

Danger!
Self-comparison detected.
Initiating infinite loop eschewal protocol.
Self destruct in… 3
2
1

Even for someone who has designed, developed and used the platform I had never heard of the problem prior to this. Not knowing exactly what was going on and suspecting the worst – a hack or some other type of breach – I was concerned. However, I was also a bit curious so I decided to try and replicate it myself on my own blog. All that I had to do was to create a post, allow a revision to be saved and then try to compare the older version against itself. Here were my results:

Now, I knew my own install was pretty secure – I keep up with patches and maintenance on a regular basis – and also host my sites on a different server from the affected client so I pretty quickly ruled out hacking. But I still wasn’t sure if it was a problem or something else. I turned to Google for some help. Turns-out that there is a documented, but very unknown “Easter Egg” for WordPress that has been present since version 2.6 (at least per Doncha – a source I really trust when it comes to WordPress).

Here’s what I learned because of this whole situation. First, even if you think you’ve seen it all you probably haven’t. Second, never underestimate the cleverness of a bunch of programmers with a little extra time on their hands. Finally, always, always, always (did I say always?) keep your WordPress installations updated. While it’s not a 100% full-proof way of keeping your site secure, it does go quite a long way toward that goal.