Sep 7, 2009 by Matt | Posted in WordPress
Are you running a version of WordPress prior to 2.8.4? If so, you should upgrade now. There’s a major attack going around that targets older versions of WordPress. Lorelle has the full details.
There are two clues that your WordPress site has been attacked.
The first clue is strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
In case once wasn’t enough, upgrade your copy of WordPress if the version is less than 2.8.4. This security flaw, of which details are lacking, applies to any version of WP prior to 2.8.4, and any site running the older software is at risk.
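The two clues described above can be checked with a short script. This is an added example, not code from the original post or from WordPress. It assumes you have collected your site's permalink setting or URLs as strings and exported your user list as login/role records. The function names, sample URLs and accounts are constructed for illustration.

```python
import re
from urllib.parse import unquote

# The article's two keywords, matched as PHP calls so that an ordinary
# slug such as "medieval-castles" is not flagged.
PATTERNS = {
    "eval": re.compile(r"(?<![a-z0-9_])eval\s*\(", re.I),
    "base64_decode": re.compile(r"(?<![a-z0-9_])base64_decode\s*\(", re.I),
}

def decode_fully(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded text is also inspected.
    Invalid escapes such as "%&" are left untouched by unquote()."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def permalink_hits(url):
    """Clue 1: return which keywords appear in a URL or permalink setting."""
    decoded = decode_fully(url)
    return [name for name, rx in PATTERNS.items() if rx.search(decoded)]

def unknown_admins(users, known_logins):
    """Clue 2: administrator accounts that are not on the owner's own list."""
    known = {login.lower() for login in known_logins}
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"].lower() not in known]

# Constructed sample data; the second URL is the pattern quoted in the article.
SAMPLE_URLS = [
    "example.com/category/post-title/",
    "example.com/category/post-title/%&(%7B$%7Beval(base64_decode("
    "$_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "example.com/2009/09/medieval-castles/",
]
SAMPLE_USERS = [  # hypothetical accounts
    {"login": "matt", "role": "administrator"},
    {"login": "guest-author", "role": "editor"},
    {"login": "wpsupport9", "role": "administrator"},
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(permalink_hits(url) or "clean", url)
    print("unrecognized admins:", unknown_admins(SAMPLE_USERS, ["matt"]))
```

A hit from either check is a reason to inspect the site by hand; a clean result does not replace upgrading to 2.8.4.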