6 Oct
Unfortunately my answer to this is ‘Yes’ — one of my many WordPress sites had been infiltrated by a nefarious individual. I only became aware of it because I attended a briefing at the Manchester WordPress User Group session in September where Mike Little gave us a good briefing on the subject.
I’m not convinced I solved my problem yet — and am now in the middle of transferring content onto a new installation to make sure — so my first ‘insight’ would be to say — keep your WordPress install relatively up to date. I didn’t and I’m now regretting it.
How can I spot it?
This was fairly easy — I simply looked at the users screen within wp-admin and saw I had one more administrator user than I should have. What is interesting is the nefarious user includes a small piece of code in their username that then hides their line in the users table.
What did you do next?
I actually spotted this issue when I spotted that a user kept vanishing as I refreshed my user screen (thanks, Firefox, for not being too fast). I used this to my advantage and, after a few attempts, managed to select this user and delete them.
Did this solve the problem?
Dunno — I’m getting around it by migrating the fairly minimally populated site to a new server (something I’d planned to do anyhow).
I’m sure this is far from a full explanation on the subject — but I thought it was worth documenting!
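An added example, not from the original post: because the users screen can be made to hide a row, this check lists administrators straight from the database instead of relying on the rendered page. It assumes the default `wp_` table prefix, uses an in-memory SQLite database with constructed rows as a stand-in for the site's MySQL database, and a hypothetical allowlist of expected administrators.

```python
import re
import sqlite3

# Markup characters or tag-like text have no place in a login or display name.
MARKUP = re.compile(r"[<>]|&#|javascript:", re.I)

# Administrators the site owner expects to exist (hypothetical allowlist).
EXPECTED_ADMINS = {"jon"}

# Roles live in wp_usermeta as a serialized PHP array under wp_capabilities.
QUERY = """
SELECT u.ID, u.user_login, u.display_name
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
"""

def audit_admins(conn, expected=EXPECTED_ADMINS):
    """Return (login, reasons) for every administrator that looks wrong."""
    findings = []
    for _id, login, display in conn.execute(QUERY):
        reasons = []
        if login.lower() not in expected:
            reasons.append("unexpected administrator")
        if MARKUP.search(login) or MARKUP.search(display or ""):
            reasons.append("markup in name field")
        if reasons:
            findings.append((login, reasons))
    return findings

def sample_db():
    """Constructed sample rows in an in-memory SQLite stand-in for the WordPress DB."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, display_name TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    users = [(1, "jon", "Jon"),
             (2, "reader", "A Reader"),
             (3, "support<i>", "support")]  # constructed name carrying harmless markup
    caps = [(1, 'a:1:{s:13:"administrator";b:1;}'),
            (2, 'a:1:{s:10:"subscriber";b:1;}'),
            (3, 'a:1:{s:13:"administrator";b:1;}')]
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?)", users)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, 'wp_capabilities', ?)", caps)
    return conn

if __name__ == "__main__":
    for login, reasons in audit_admins(sample_db()):
        print(repr(login), "->", ", ".join(reasons))
```

On a real site the same query would be run against the MySQL database, and the result compared with the administrators you know you created.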
- Published by Jon in: Wordpress









One Response to “Have you been hacked yet?”
Yep. Same thing happened to me.
The rogue user wasn’t hiding himself though, so easy to spot. I also found a rogue image and video in my media library... the bad bit was that when I deleted them both a huge chunk of my other images also went with them.
Am up to date now and am ‘automatically upgrading’ from here. Not sure if I’ve got time to migrate at the moment, but will be keeping a hawk eye on the user list!