WordPress.org

Ready to get started?Download WordPress

Forums

About the hack warning, can you just modify version.php? (3 posts)

  1. BrianVS
    Member
    Posted 4 years ago #

    I never upgraded to 2.7 because I have made so many modifications to different wordpress files, including wp-admin, and don't want to lose those changes. (I can't even remember every WP file i've edited i've done so many).

    Anyways, this new hacker warning has me scared. I previously edited just the version.php file to say I had the latest version, just so i didn't keep getting the warnings to upgrade. Today I manually changed the version to 2.8.4, hoping that the hackers code simply looks for that file and if it's not current then continues with the code, and if it's current, then it moves on to another site.

    Each time I just change this line: $wp_version = '2.8.4';

    Do I also need to change the other line of code (to hopefully avoid being hacked)?
    $wp_db_version = 8204;

    And if so, will changing the database version number there mess up access to the database if I didn't actually upgrade?

    Otherwise.... to try another approach,
    does anyone know what the security hole is, so I could upgrade just an isolated file?

  2. Arun
    Member
    Posted 4 years ago #

    Full upgrade to the latest version of wordpress (2.8.4)
    is the only way to stay away from hacking. [modification of wordpress core files is not advisable in any account]

  3. Justin Tadlock
    Member
    Posted 4 years ago #

    1) Upgrade immediately.

    2) Never edit a core WordPress file. That's what the plugin API is for.

Topic Closed

This topic has been closed to new replies.

About this Topic