Support » Requests and Feedback » WordPress hacked using default-filters.php?

  • Yesterday my server was hacked and all index* files on my entire server including wordpress installs were defaced by crackers_child. I particularly noticed that even after restoring the index pages the blog would show the culprit HTML at top of each page and then I noticed that the HTML was actually in wp-includes / default-filters.php.

    I googled and it sees there is already an advice about a vulnerability in this Php used in wordpress mentioned at

    I always run the latest stable version of WordPress and it really alarms me that a hacker was probably able to deface my entire site using this vulnerability.

    Is the WordPress developer community listening?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Are you sure that this vulnerability is the cause of your problem? 9/10 it is a server attack from another site hosted on the same server. They walk the site with rights to change all the files mentioned. Server logs will tell a story.

    Are the devs listening? I’m sure they are, are they listening to you specifically, maybe. 🙂




    oops I replied to the wrong post. never mind.

    Was this one ever resolved? I was running 2.2.1 and was hacked through a POST request to default-filters.php (with some other junk on the end). Since upgraded to 2.3.1 but have found no evidence of a fix so am a bit worried.

    I have the log file entry which may be useful to wordpress developers. I’ll bookmark this page and check back if a developer is interested in a copy. Unfortunately I don’t have copies of the 2 files that were overwritten (panic delete).

    Issues of security (that is, possible exploits and such in WordPress, not just basic site attacks) can be sent to:


    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    I can find no information about a default-filters hack. The link given in the original post details a different problem which was only present in WordPress 2.0.1 – 2.0.5.

    Looking at default-filters.php myself, I can see no vulnerability there at all. Running it directly will just cause an error message, at best, regardless of what you do.

    If you were hacked, it was through some other method.

    Many thanks for the replies and the email address. I guess the guy was fishing – there were 2 post requests, the first to default-filters and the second to the top level. That would make sense as default filters is mostly arrays.

    I was using an old template which turned out to have a fair bit of php in it. I’ve upgraded to the new template and limited my changes to style. That should sort it.

    Thanks again.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘WordPress hacked using default-filters.php?’ is closed to new replies.