Tag Archives: database

Checking Your WordPress Security

By Dougal | Published: September 5, 2009

You may have already heard that sites running out-of-date versions of WordPress have been under attack (Lorelle, Weblog Tools Collection, WordPress Dev Blog). Of course, sites running the latest version of the software seem to be safe, which once again takes us back to what I said over a year ago: Upgrade or else! I haven’t seen complete details yet about how this new worm works, but reports say that part of the hack is to create a new Administrator level account, and then try to hide the existence of that account (via javascript) when you view your list of users.

If you want a sure-fire way to make sure there are no “extra” administrator accounts registered in your blog, I suggest going straight to the source: your MySQL database. [...]

Posted in WordPress | Also tagged administrator, base64, eval, hacks, hidden account, permalinks, Security, url, users, WordPress | 36 Comments

Subscribe
- All posts
- All comments
- Subscribe by email:
Follow Me
Referrals
Lifestream
- @kmfpl Oom-papa-mow-mow! [dougal]
  
  — 1h ago via Twitter
- Thanks for those links, @dartdog! They lead me to some other good sources. [dougal]
  
  — 2h ago via Twitter
- Need links to any articles about acceptance of open source software in the medical field. Anybody? (plz RT) [dougal]
  
  — 2h ago via Twitter
- Whoah. I bet custom post_type permalink endpoint support in #wordpress 3.0 is going to be a huge thing. http://bit.ly/9AkVs2 [dougal]
  
  — 3h ago via Twitter
- @brightsides You're in Mobile? Say hi to my birthplace for me :) [dougal]
  
  — 3h ago via Twitter