Discussion in 'Forum News & Feedback' started by SecNam, Sep 6, 2009.
WordPress › Blog How to Keep WordPress Secure
If you have 2.8.4 your clear, and you can check if your clean by looking at the permalinks menu if anything funky has happened.
Specifically look for eval and base64_decode in there, which is the method of injection.
If your infected, its going to be a long long night, as its infection has spread into the database, so upgrading WONT fix it.
**edited now I'm on my PC**
Another link about this that someone posted on twitter earlier: Old WordPress Versions Under Attack Lorelle on WordPress
Thanks for the heads up; only got one site on WP, which I've now updated to latest version (I just love the auto update feature via FTP in the Control Panel, so easy!).
It is much better, you can also now browse and upload new themes through the control panel.
WARNING - IF YOU HAVE AMENDED ONE OF THE DEFAULT TEMPLATES.
If you have amended one of the deafult templates this will be overwritten when you do an auto upgrade.
Separate names with a comma.