-
6
Oct
Unfortunately my answer to this is ‘Yes’ — one of my many WordPress sites had been infiltrated by a nefarious individual. I only became aware of it because I attended a briefing at the Manchester WordPress User Group session in September where Mike Little gave us a good briefing on the subject.
I’m not convinced I solved my problem yet — and am now in the middle of transferring content onto a new installation to make sure — so my first ‘insight’ would be to say — keep your WordPress install relatively up to date. I didn’t and I’m now regretting it.
How can I spot it?
This was fairly easy — I simply looked at the users screen within wp-admin and saw I had one more administrator user than I should have. What is interesting is the nefarious user includes a small piece of code in their username that then hides their line in the users table.
What did you do next?
I actually spotted this issue when I spotted a user kept vanishing as I refreshed my user screen (thanks, Firefox for not being too fast). I used this to my advantage and, after a few attempts managed to select this user and delete them.
Did this solve the problem?
Dunno — I’m getting around it by migrating the fairly minimally populted site to a new server (something I’d planned to do anyhow).
I’m sure this is far from a full explanation on the subject — but I thought it was worth documenting!
one
