Support » Fixing WordPress » Discussion Options changed by plugin?

  • I have discovered something slightly disturbing today. I logged into my WP admin area, to discover that two comment spams came through. But that wasn’t the disturbing part. I’ve been wondering why I haven’t been receiving any comment notifications via e-mail, so I went to OPTIONS > DISCUSSION to check my DISCUSSION OPTIONS settings.

    Somehow, the “Email me whenever… Anyone posts a comment” checkbox was unchecked. Furthermore, under “Comment Moderation,” where it says, “Hold a comment in the queue if it comtains more than ___ links,” somehow, the variable had been entered by someone, or something, other than myself as “666.”

    I am wondering if anyone out there is aware of the file or files in which the admin options settings are stored can easily be hacked without logging into the admin area. Or, is it possible that someone just figured out my password and is playing games with me? I’m not sure how someone could have figured out my password, but nonetheless, I have changed it.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Well, the options are stored in the database, not in any file. So that makes it a little harder (but not impossible) to get to. The only way to manipulate it w/o the admin screens is through some sort of database tool like phpMyAdmin.


    Moderator James Huff


    What version of WP are you running?

    Well, with a cross-site-scripting cookie hijack, and a matching HTTP post the settings could be changed.

    That would entail you clicking on a link that was posted to your site, so that your login cookie could be read. Have you followed any of the spammer’s links “just to see” what was there?

    But this seems a bit much work for a spammer to do, for one site. But if this was wide-spread, I could see a market for a list of “open blogs” for use by spammers.

    Doesn’t Spam Karma change that setting?

    I was just about to say that, I remember freaking out in my options section when I saw the 666 thing – but yeah, I never did figure out if it was a plugin or the fact that I’d just done a fresh upgrade.

    Anyway, my point was that it happened to me, too and it wasn’t a hacker. It was just stuff I put on my site that did, uhm, strange things.

    Thanks for the feedback! 🙂

    I am using WP 1.21 at the moment.

    I did, out of curiosity, click a spammer’s link about a week ago. It led me to a webpage that was (supposedly) no longer in existence. I don’t remember the exact verbiage that was on the page, but it said something like, “account suspended due to abuse,” or something like that.

    Moderator James Huff


Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Discussion Options changed by plugin?’ is closed to new replies.