There is an ongoing attack on older versions of WordPress at the moment; you should update your WordPress to the latest version immediately (currently version 2.8.4, in case you aren’t already aware). WordPress have published a report on this attack.
If you don’t already know which version you are using, you should be able to find out in your dashboard – but please don’t waste time checking, just upgrade.
An upgrade takes a known, predictable amount of time; fixing a hacked site can take weeks (and in some cases the site is irrecoverable!).
If you are unable to upgrade your WordPress yourself, contact support for more information.
How do I know if I’ve been hacked?
There are two things you may notice:
- Your permalinks will work, but may look strange, such as:
example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
The keywords to look for here are “eval” and “base64_decode”.
- You may notice a second administrator in your list of administrators (in the Users section of WordPress), and you won’t be able to edit this user.
Preventing an attack:
Simple: upgrade. Don’t try to hack around it, don’t rely on plugins to protect yourself – update your base code and upgrade now.
Fixing up after an attack:
Unfortunately this attack modifies the database as well, so simply re-uploading your files won’t fix your problems; you’ll need to do something far more involved (again, it’s easier to upgrade!):
- Export all your content as XML
- Back up general files (images, themes, etc.)
- Remove all files
- Re-upload the latest version of WordPress
- Import the XML of your posts, pages and comments (and hopefully no hacked code!)
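As an added illustration (this is not code from the original post or from WordPress), the Python script below turns the two indicators named earlier, “eval” and “base64_decode”, into checks a site owner can run offline: against a permalink structure, against web-server access-log lines, and against the XML export from the recovery steps above, so that injected code is caught before it is imported into the fresh install. The access-log lines and the WXR snippet are constructed samples, not real data; the script assumes the export is in WordPress’s standard RSS-based WXR form with the usual content-module namespace.

```python
import re
from urllib.parse import unquote
import xml.etree.ElementTree as ET

# The two strings the post tells you to look for.  "eval(" rather than bare
# "eval" keeps ordinary words such as "evaluation" in a post slug from matching.
INDICATOR_RE = re.compile(r"eval\s*\(|base64_decode", re.IGNORECASE)

# The permalink shape quoted in the post, used here as a known-bad sample.
HACKED_PERMALINK = (
    "/category/post-title/%&(%7B$%7Beval(base64_decode"
    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/"
)


def decode_url(value, rounds=3):
    """Percent-decode repeatedly (bounded) so that an encoded or
    double-encoded indicator is visible to the regex."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def looks_hacked(value):
    """True if a permalink structure or request path carries the indicators."""
    return bool(INDICATOR_RE.search(decode_url(value)))


# Constructed Apache combined-format lines (not real traffic): one normal
# request, one whose path carries the injected permalink.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2009:12:01:07 +0000] "GET /category/post-title/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Sep/2009:12:01:09 +0000] "GET ' + HACKED_PERMALINK + ' HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')


def suspicious_requests(log_lines):
    """Return the request paths in access-log lines that match the indicators."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and looks_hacked(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed, heavily abbreviated WordPress export (WXR is RSS 2.0 using the
# standard content module namespace).  The second item carries the same
# eval/base64_decode construct inside its post body.
CONTENT_NS = "{http://purl.org/rss/1.0/modules/content/}"
SAMPLE_WXR = """<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<item>
<title>Clean post</title>
<content:encoded><![CDATA[<p>Hello world</p>]]></content:encoded>
</item>
<item>
<title>Injected post</title>
<content:encoded><![CDATA[<p>Hi</p><?php eval(base64_decode($_SERVER['HTTP_REFERER'])); ?>]]></content:encoded>
</item>
</channel>
</rss>
"""


def scan_wxr(xml_text):
    """Return titles of exported posts whose body matches the indicators,
    so they can be cleaned before the XML is imported into the fresh install."""
    root = ET.fromstring(xml_text)
    flagged = []
    for item in root.iter("item"):
        body = item.findtext(CONTENT_NS + "encoded") or ""
        if INDICATOR_RE.search(body):
            flagged.append(item.findtext("title"))
    return flagged


if __name__ == "__main__":
    print("permalink hacked:", looks_hacked(HACKED_PERMALINK))
    print("suspicious requests:", suspicious_requests(SAMPLE_LOG))
    print("flagged exported posts:", scan_wxr(SAMPLE_WXR))
```

Run it with `python3` and it reports the injected permalink, the one log line requesting it, and the one exported post that would carry the injected code back into a clean install. Against a real site, feed `suspicious_requests` your access log and `scan_wxr` the export file; percent-decoding before matching matters because the indicators in a request may arrive encoded (as `%7B`, `%5B` and so on in the post’s sample), and a post flagged by `scan_wxr` should be cleaned or dropped rather than imported as-is.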
Again, we may be able to work on this for you if you need us to.