All self-hosted WordPress-powered blogs must upgrade to the latest version to avoid an ongoing attack. WordPress.org hosted blogs are not affected.
Espidesigns.com has just been attacked and is now being fixed and monitored. I was informed of the virus attack by an email sent by my WordPress Antivirus plugin. A “backdoor” was created by a “hidden” Administrator and could potentially exploit security holes and get right down to the database level.
Lorelle on WordPress gives us clues to determine if your site has been attacked:
There are two clues that your WordPress site has been attacked.
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
All users are advised to upgrade to the latest version of WP, while those already affected can go to this FAQ to fix the problem.
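The first clue above, turned into a log check, as an added example that is not part of the original post or of Lorelle's article: it percent-decodes each request path from a web server access log and flags those containing both keywords. The combined log format, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry: "METHOD path HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')
# Both keywords named in the post, tolerant of case and spacing before "(".
KEYWORDS = (re.compile(r'eval\s*\(', re.I), re.compile(r'base64_decode\s*\(', re.I))

def decode_path(path, rounds=3):
    """Percent-decode repeatedly so double-encoded requests are normalised too."""
    for _ in range(rounds):
        decoded = unquote(path)  # invalid escapes such as "%&" are left untouched
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_path) for requests whose path has both keywords."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = decode_path(match.group("path"))
        if all(rx.search(path) for rx in KEYWORDS):
            hits.append((line.split(" ", 1)[0], path))
    return hits

# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /how-to-base64_decode-in-php/ HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, path in suspicious_requests(SAMPLE_LOG):
        print(ip, path)
```

A hit only shows that the request was made; the second clue, an Administrator account you do not recognize, still has to be checked in the site's user list.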