Stay up to date with our newest WordPress themes, WordPress plugins, WordPress tutorials, and other announcements.
There is a security exploit going around, and it could affect anyone not using the most up-to-date version of WordPress at the moment, which is WordPress 2.8.4. Lorelle has a good writeup on how old WordPress versions are under attack. To summarize, here’s what to look out for if you think your WordPress site may have been compromised.
- Unusual additions to your WordPress permalink structure. If you see anything like “eval” and/or “base64_decode” in your URLs, you’ve already been hit.
- This is a real kicker: a hidden admin account. That’s right, the exploit can let the attacker set up a hidden admin account that may not even be displayed in your user list.
This post offers some solutions if you have already been hacked. Remove the extra permalink code in Settings → Permalinks, remove the extra admin account, and (obviously) upgrade to the latest version of WordPress.
Has anyone been affected by this exploit? I’m happy to say out of all of my WordPress sites, I haven’t been hit, although I have still upgraded all of my WordPress installations to the latest version, including Theme Lab, and I highly recommend you do the same (as long as you backup first). Just another reason to keep your WordPress version up-to-date.