Support » Fixing WordPress » WordPress 2.8.4 Hacked

  • Resolved kersplash



    I have always run version 2.8.4 since its release, and have WP-Security Admin Tools installed and everything was good as far as security, no admin username, database tables not prefixed by wp_, etc. Or so I thought, until today. Now I find the code ;

    eval(base64_decode(‘aWYoIWlzc2V0KCRpZ3AxKSl7ZnVuY3Rpb24gaWd, etc. etc.

    inserted into a bunch of my .php files on my website. Nothing untoward is displayed on my pages or links to suggest to me my site has been hacked, the site just doesn’t work until I have gone through and edited all of the offending code out of the pages. The only thing I can suggest security-wise is that I do have several plugins installed that have updates which I haven’t installed (due to not wanting to break what’s not already broken.) Are these plugin updates the source of my problem? Another thing I did recently was to install a plugin called “Who Is Online”. I have since deactivated this plugin. Any ideas on how to stop this from happening again?


Viewing 11 replies - 1 through 11 (of 11 total)
  • I use who is online, not sure if that could be aproblem.

    My site had the same hack….you don’t happen to use SMF for a forum do ya? I got hit hard through SMF and it dirtied up all my software.

    Also, there are various ways you could be hacked. Did you start with 2.8.4 or have you been using WP for a while? A previous version could’ve gotten hit. Or, if you are on shared hosting, it could’ve come through someone else’s insecure software.

    Good luck getting it cleaned, you’ve gotta do that asap…it’s a pain.

    Moderator Mark Ratledge


    Forum Moderator

    Everything you need to know is here: How to Completely Clean a Hacked WordPress Install.

    Same thing happened to me…still working on them.

    I see when my sites load it say:

    I’m guessing that’s the hacker? Do you see this as well? It’s not a plugin. I’ve deleted all plugins and uploading fresh 2.8.4

    the best thing is to reinstall WP, clean your theme, and reinstall ALL plugins with fresh downloads.

    You may also have to look around for strange named files. I had files that weren’t part of WP in my directory that I had to get rid of…..

    it got confusing for me as 2 different software packages got hit…and between the 2 of them they messed up every file I had.

    Luckily I had a backup from only a week ago. I have restored it and changed my passwords. Much quicker than re-installing everything (provided I wasn’t infected back then), but I am pretty confident. Lesson learnt….backup….backup….backup.

    Same thing happened to me. Is there not a risk that there is still something suspicious in the database? I replaced all files one evening, and the hack reappeared the next evening…

    database will definitely need to be cleansed

    Hello Moderator,

    Is there no possible way to protect WP 2.8.4 without upgrading ?
    And how can someone modify code in my php files when the only ways to edit them are FTP to the server and/or have Admin access to WP [given that no one knows admin access credentials to WP Login /FTP ) ?



    Forum Janitor

    The only way to protect the 2.8.4 version would be for you to include yourself all the security fixes which were introduced since then. Because this becomes increasingly difficult as the versions move forwards, this is the reason why instead it is better to upgrade.

    People can edit your files or otherwise hijack your system by exploiting these bugs. They do not need to have your FTP details.

    Thanks Mr Mist.
    Could you point me to a certain resource that describes how these changes can be done manually.




    Forum Janitor

    Hi, no I cannot. I’m afraid that if you wished to do that it would be down to yourself to scour the changeset history.

    The core team attempted to keep a stable branch maintained with security fixes for a while with the 2.0.10 version, it didn’t work out, though.

    Realistically you are best upgrading and trying to adapt things that might not work. You’ll probably expend less effort overall, too.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘WordPress 2.8.4 Hacked’ is closed to new replies.