How to identify whether Wordpress websites are attacked and how to fix them

I know that most people have recently heard about attacks against older versions of Wordpress. If you haven't upgraded your blog to the latest and best Wordpress version, take the time to do so.

Don't close it as stupid as I do! Yes, my friends, my website Ask The Admin to be hacked. This should be a good method I can add.

I will show you how to find out my attack and how to fix it.

First, my AskTheAdmin.com account was notified of hanging malicious scripts in a directory of the host server. My host service provider told me that two malicious scripts were found on my host. They are:

This is because I know that my Wordpress blog has been hacked. I just read about the Wordpress vulnerability in the old version. I thought they would modify my permanent link, but they didn't do this to me at all. They used another method to play with me!

I immediately logged on to my account via ftp and deleted the script. Then I log on to Wordpress to view the user module.

498) this. style. width = 498; "border = 0>

Hell! Suddenly, the number of administrators has changed from two to three. For some damn reasons, the two administrator accounts displayed on the control panel are valid. So they not only added an administrator account to my Wordpress, but also managed to hide it to avoid the eyes of uninformed users.

So now I am paying for Google Fu (just like 'Kung Fu ', but not so confusing ). I found that the user name is still hidden on the page. So I right-click the page and choose view page source code:

498) this. style. width = 498; "border = 0>

When I open the page source code, search for my other Administrator Account name-Michael. Then I thought it would be better to search for the word Adminstrator directly-this gave me the correct location for the html code. Now I see the culprit:

498) this. style. width = 498; "border = 0>

This will find my account first, Michael's account, and LewisLawson63. This is added without my knowledge and hidden by using scripts that attack my Wordpress blog. Dog Day hacker !! However, the editing link of their account is the same line. This is what you need to click.

498) this. style. width = 498; "border = 0>
All I need to do is paste the wp-admin/link to the address bar from the HTML source code. That is to say Add/and the above link later. This will take you to the user's editing page:

498) this. style. width = 498; "border = 0>
Do you see what is in the name? The script here seems to be as long as there are 10 lines ...... All are attack code. I removed the code and replaced it with a new user name. Then I changed the role to a subscriber.

498) this. style. width = 498; "border = 0>

Now they appear in the list and I can delete them! Next, disable allow user registration in the WP Control Panel, as shown below:

498) this. style. width = 498; "border = 0>
Then back up my website. (In fact, I ran a MySQL query to view any modifications and insert iFrames in my article ). Into my posts) they turned out to have a hand on each of my articles! Fuck! I am glad to have backups every day.

I recovered the site to the status three days ago (when it was attacked ). I lost some articles, but the damage was fixed. They may display advertisements or worse things to your readers! So be careful not to make the same mistake again! Next time you will see:

498) this. style. width = 498; "border = 0>
Be obedient and upgrade it!