Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

About Dougal Campbell

Dougal is a web developer, and a "Developer Emeritus" for the WordPress platform. When he's not coding PHP, Perl, CSS, JavaScript, or whatnot, he spends time with his wife, three children, a dog, and a cat in their Atlanta area home.
This entry was posted in WordPress.

39 Responses to Checking Your WordPress Security

  1. Pingback: Tweets that mention Checking Your WordPress Security -- Topsy.com

  2. Pingback: Attacks on old versions of WordPress | Blog Mum | WordPress made easy

  3. Thanks for posting that query. I host blogs for others and because they’re infrequent bloggers, they rarely update. I updated their blog from 2.6.1 today to 2.8.4 and with your query, I verified that, luckily, they were safe.
    I tried to copy and paste the query directly but it had the line numbers copied in, so here it is in a single line:

    SELECT u.ID, u.user_login FROM wp_users u, wp_usermeta um WHERE u.ID = um.user_id AND um.meta_key = 'wp_capabilities' AND um.meta_value LIKE '%administrator%';

    Thanks again.

    • Dougal says:

      Yeah, sorry about the formatting. I didn’t realize until too late that the syntax highlighter plugin that I’m using turns the code into a list in order to get the ability to (optionally) display line numbers.

  4. Thanks for the quick tip!

    Once I heard of it, I ran to back up my databases and then all I wanted to know was how to find out if I was attacked.

    Well, my sites have only 1 user, and I saw it right from phpmyadmin :)

    I’m gonna update some plugins and then upgrade my other site.

  5. Pingback: Check If Your Wordpress Blog is Hacked | Dotnetwizard.net | MyDNW.com

  6. Muhammad Ali says:

    Hey Dougal, thanks for sharing this. I just wanted to ask you: besides running this query, would viewing the users table confirm the same thing? Or would running the query do the trick?

    • Vladimir says:

      Muhammad,
      Dougal’s SQL query shows you data from two tables simultaneously. You will not see the user’s rights level from the single wp_users table. You additionally need to check the wp_usermeta table for admin rights for every wp_users table record with the same ID. To do this manually when you have a lot of users is very time consuming, right? That’s why you need the query here.
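The query in comment 3 and Vladimir’s explanation of why it has to join two tables can be tried against a throwaway database. The block below is an added example, not code from the original post, from the commenters, or from WordPress itself: it rebuilds the two tables with constructed rows in an in-memory SQLite database and runs the same join. It assumes the standard WordPress layout, where the role list lives in usermeta under the key <prefix>capabilities as a serialized PHP array, and that the prefix from wp-config.php applies both to the table names and to that meta key (a site installed with $table_prefix = 'blog_' has blog_users, blog_usermeta and blog_capabilities, so the hard-coded wp_ names in the comment would not find anything there). The sample rows, including the administrator account named WordPress, are constructed for the example.

```python
"""Added example: audit WordPress administrator accounts straight from the
database, independent of what the dashboard's Users screen chooses to show.

Assumptions (not from the original post): the usual WordPress schema with
a configurable table prefix, and the role list stored in usermeta under
'<prefix>capabilities' as a serialized PHP array. All rows are constructed
sample data.
"""
import sqlite3


def build_sample_db(prefix="wp_"):
    """Create <prefix>users and <prefix>usermeta in memory with constructed
    rows: one legitimate admin, one editor, and one extra administrator
    account that the site owner never created."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute(
        f"CREATE TABLE {prefix}users ("
        "ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, "
        "user_registered TEXT)"
    )
    cur.execute(
        f"CREATE TABLE {prefix}usermeta ("
        "umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, "
        "meta_value TEXT)"
    )
    users = [
        (1, "dougal", "dougal@example.com", "2009-01-10 12:00:00"),
        (2, "editor", "editor@example.com", "2009-03-05 08:30:00"),
        (3, "WordPress", "noreply@example.net", "2009-09-04 03:12:44"),
    ]
    cur.executemany(f"INSERT INTO {prefix}users VALUES (?,?,?,?)", users)
    # WordPress serializes the role array with PHP serialize(); the string
    # length prefix is why the comment's query matches with LIKE.
    meta = [
        (1, f"{prefix}capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, f"{prefix}capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, f"{prefix}capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ]
    cur.executemany(
        f"INSERT INTO {prefix}usermeta (user_id, meta_key, meta_value) "
        "VALUES (?,?,?)",
        meta,
    )
    conn.commit()
    return conn


def list_administrators(conn, prefix="wp_"):
    """Return (ID, user_login, user_email, user_registered) for every account
    whose capabilities meta names the administrator role.

    This is the join from comment 3 with the table prefix parameterized.
    The prefix comes from wp-config.php, never from user input, so it is
    interpolated; the meta key is still passed as a bound parameter."""
    sql = (
        f"SELECT u.ID, u.user_login, u.user_email, u.user_registered "
        f"FROM {prefix}users u JOIN {prefix}usermeta um ON u.ID = um.user_id "
        f"WHERE um.meta_key = ? AND um.meta_value LIKE '%administrator%' "
        f"ORDER BY u.ID"
    )
    return conn.execute(sql, (f"{prefix}capabilities",)).fetchall()


def unexpected_administrators(conn, known_logins, prefix="wp_"):
    """Administrators whose login is not in the set of accounts you created.
    The comparison is done against the database rather than the dashboard:
    a row the Users screen does not display is still a row here."""
    return [
        row for row in list_administrators(conn, prefix)
        if row[1] not in known_logins
    ]


if __name__ == "__main__":
    db = build_sample_db()
    for row in list_administrators(db):
        print(row)
    print("unexpected:", unexpected_administrators(db, {"dougal"}))
```

Feed unexpected_administrators the logins you know you created; anything else it returns is an administrator row you did not add. Removing such an account directly in the database means deleting its row in <prefix>users and the matching rows in <prefix>usermeta.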

  7. Pingback: How to Ensure that your WordPress has not been affected by the latest attack | Geekword

  8. Pingback: LlamaLabs » Archive » Monitoring Your Wordpress Administrator User List

  9. Thanks for the information Dougal,

    I’m somewhat new to wordpress, and blogging in general. Shortly after I put my blog online there was a new version available. I have a tendency to hold off on upgrades with the “If it ain’t broke, don’t fix it” attitude, but this time something told me the upgrade was a wise move.

    Thanks again for the support.

    ~ Orion

  10. Pat says:

    I set up a new WP site 2 weeks ago and immediately upgraded to 2.8.4. Unfortunately, hackers got in anyway, set up a new front page and used that as a coverup to set up 2 bank phishing directories deep in the admin and plugins directories. The site has been redone and is, hopefully, more secure.

    Today, after reading about the new worm, I searched the rest of the sites I manage (which had all been upgraded to 2.8.4 last week) and found one small one had 2 admin accounts that were visible and 4 that were hidden (visible for about 1/2 second and then gone). I did not readily have the database password to get rid of the bogus admins and didn’t want to wait until I could get to my second office to find the info. I deleted all files, set up a new database, and reinstalled WP. Now there’s just 1 admin, me.

    I appreciate every alert that comes out. This one I wouldn’t have caught.

    Pat

  11. Pingback: WordPress Blogs Under Attack

  12. Pingback: Problème de sécurité sur les anciennes versions de WordPress !

  13. Pingback: Blake Helms | Birmingham, Alabama

  14. Pingback: Psybertron Asks

  15. Constantine says:

    From what I have read in the WordPress link above, this is a very serious hack job because the hacker manages to insert spam (hidden links) into your old posts.
    When my blog was hacked the hacker inserted hidden links only in the footer and cleaning that wasn’t a big problem. I just removed the old install and installed a fresh one. If you have a blog with 1000 plus posts and all of them are infected you might have a big problem on your hands.
    The big problem is when Google discovers the spam links: you will be slapped with a penalty and your blog de-indexed until you clean up.

  16. Alex Feldman says:

    Hello! Thank you so much for this post. I actually found a bunch of users in one of my sites that weren’t supposed to be there. My webhost warns me that more than 150 emails are being sent per hour, so this issue is somehow affecting my email account by sending emails automatically via my website.

    Could someone please tell whether I should do anything other than delete these users in order to stop sending spam involuntarily? Thank you!!

  17. Pingback: Wordpress Security Warning: Update Your Wordpress « PSDPunk

  18. Pingback: Upgrade Your Wordpress now! | Pinoy Problogger

  19. Pingback: Uppgradera alltid WordPress | Eyesx

  20. christian says:

    Hmm, interesting. I found a weird username: ‘WordPress’, with admin capabilities and invisibility. Does anybody else have one like this?

  21. Pingback: Community News: WordPress worm makes its way around the web | Webs Developer

  22. Pingback: Sicher bloggen mit Wordpress? Teil 1

  23. Thank you for the query.
    I found one invisible administrator in my database. I deleted it directly in the database.
    A thankful French blogger.

  24. Suneel says:

    Thanks for pointing this out. I will make a search asap and check even though I am using the latest version of wordpress.

  25. ??? says:

    Thanks for pointing this out. I will make a search asap and check even though I am using the latest version of wordpress.

  26. thachcao says:

    Thank you for the tips. I ran the check for my own site. It’s OK, because I just built it 5 minutes ago. Thanks

  27. Pingback: Sicher bloggen mit Wordpress? Teil 1 « My Blog

  28. I would like to say thanks for sharing such a nice post. I’ll try to check it out.

  29. I don’t know about this, thanks for the tutorial.

    David

  30. Pingback: Week 36 in Review – 2009 | Infosec Events

  31. Praveen says:

    Wow!!! Nice stuff buddy…
    Recently there was an attack on WordPress blogs by hackers. The saddest part is that the exploited security hole has not yet been identified.

    Dirty Attack Over Hundreds Of WordPress Blogs
    http://www.techpraveen.com/2010/04/dirty-attack-over-hundreds-of-wordpress.html

  32. Pingback: Milestone Search

  33. Marc says:

    How can I find and remove the JavaScript that is hiding the unauthorized administrators? Or is it somehow embedded in the database for that user?
