It’s always surprising some of the things that can be found on Google with a little digging. Personal email, intimate photos, credit card numbers, you name it, someone has had it indexed by Google. Each new search service that Google rolls out adds new ways to find some of this interesting information. And Google Code Search is no different. In fact, some have already used it to find Wordpress usernames and passwords:

Being the curious beings we are, a friend of mine and I immediately started searching for passwords to see just how much Google was indexing. It didn’t turn up much in the way of anything “secret� until we refined our search to just wp-config files (the file that contains the database connection information for Wordpress installs).That worked. Since Google Code Search actually indexes the contents of compressed files like ZIP and TARBALL files, we were able to find copies of people’s wp-config files and several contained usernames and passwords.

This leads to a bit of very important advice: if you archive any type of PHP web application for backup/transfer, do not leave the archive file somewhere that Google can index it!