Recently, we have been receiving an increasing number of requests for malware removal from sites that have older versions of Movable Type mixed in with their servers.


Server vulnerabilities not just WordPress vulnerabilities

At WordPress Doctor, we remove malware from hundreds of WordPress sites each year, and we have recently received a number of complaints from sites that have been infected with malware.

The site was created using Movabale Type in the past, but at some point the site was converted to WordPress, and the old Movable Type code is still on the server.

We are seeing more and more cases where the old Movable Type code is still on the server.

(Other systems such as Movable Type may also have vulnerabilities.

As server management companies have warned, vulnerabilities may exist not only in WordPress, but in other systems as well.

Examples
Notice of Vulnerability in Movable Type 4.0 or later

Even if you are not using that system, a program vulnerability can be exploited by an outside party to access the program itself, which can lead to site tampering or backdoors.

What to do

If you have a system other than WordPress on your server that is not in use, we recommend that you remove the programs from the server.

This security issue also applies to unused themes and plugins. We recommend that you deactivate and remove any unused WordPress themes and plug-ins as much as possible.

If your site is infected with malware, you can use the plugin to scan and remove the malware.
Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].