Posted 1 year ago #
I just found the following new htaccess file in my blog's root folder:
http://wordpress.pastebin.com/sxXBhT1P
My WP default theme, which I had been using since 2.1, has suddenly been encoded. I tried the decoding methods in the post http://wordpress.org/support/topic/encrypted-theme-heres-how-to-decode-it?replies=195 but couldn't decode it.
Can I delete that htaccess file?
that is a normal .htaccess generated by wordpress - if you delete it, permalinks will revert to default
paste the encoded section in the pastebin and let's see if it's harmful
Posted 1 year ago #
Thanks. I've pasted my index.php file in the pastebin:
http://wordpress.pastebin.com/QwAbAcvs
All the php files, such as sidebar.php and so on, have similar encoding.
http://wordpress.pastebin.com/Hsz1uMNH
the default theme does not have any code like that in it, so likely you have been hacked
if you are hosted at media temple - there is a sticky addressing this
http://wordpress.org/support/topic/was-my-site-just-hacked-found-random-script-in-all-pagesposts?replies=60
Posted 1 year ago #
Samuel,
Thanks. Looks like the decoder didn't work, because the code still has a lot of strings in it that weren't in the original.
The htaccess file and all the other files in the root folder are dated 8/1/2010. As far as I remember, that was the date I added the TinyMCE Advanced plugin. But I added the same plugin to another WP site that same day and that site's code looks fine.
I'll try the solutions in the other sites you posted. Thanks again.
This topic has been closed to new replies.
