Tag Archives: users

Checking Your WordPress Security

By Dougal | Published: September 5, 2009

You may have already heard that sites running out-of-date versions of WordPress have been under attack (Lorelle, Weblog Tools Collection, WordPress Dev Blog). Of course, sites running the latest version of the software seem to be safe, which once again takes us back to what I said over a year ago: Upgrade or else! I haven’t seen complete details yet about how this new worm works, but reports say that part of the hack is to create a new Administrator level account, and then try to hide the existence of that account (via javascript) when you view your list of users.

If you want a sure-fire way to make sure there are no “extra” administrator accounts registered in your blog, I suggest going straight to the source: your MySQL database. [...]

Posted in WordPress | Also tagged administrator, base64, database, eval, hacks, hidden account, permalinks, Security, url, WordPress | 36 Comments

Subscribe
- All posts
- All comments
- Subscribe by email:
Follow Me
Referrals
Lifestream
- After an archaeological dig through piles of mail and kids' school papers, I have re-discovered our long-lost kitchen table. [dougal]
  
  — 22m ago via Twitter
- Crud. Too slow to score a Bag O' Crap in the #woot happyhour mini-wootoff. [dougal]
  
  — 41m ago via Twitter
- Stocking up for visitors. @johncain, @lissaraye, @julieblaine, @charliekil coming up tomorrow! — at Kroger http://gowal.la/s/eDM [dougal]
  
  — 10h ago via Twitter
- Gorillaz "Fire Coming Out Of The Monkey's Head": http://bit.ly/amQxEg ... Michelin "Evil Gas Pump" commercial: http://bit.ly/cc8qoI [dougal]
  
  — 10h ago via Twitter
- Posted iandstewart: A super intro to WordPress Theme Frameworks http://bit.ly/9Og4Ql (make sure you click the notes tab!).
  
  — 11h ago via Twitter Favorites