Title: orlo's Replies | WordPress.org --- # orlo [ ](https://wordpress.org/support/users/orlo/) * [Profile](https://wordpress.org/support/users/orlo/) * [Topics Started](https://wordpress.org/support/users/orlo/topics/) * [Replies Created](https://wordpress.org/support/users/orlo/replies/) * [Reviews Written](https://wordpress.org/support/users/orlo/reviews/) * [Topics Replied To](https://wordpress.org/support/users/orlo/replied-to/) * [Engagements](https://wordpress.org/support/users/orlo/engagements/) * [Favorites](https://wordpress.org/support/users/orlo/favorites/) Search replies: ## Forum Replies Created Viewing 5 replies - 1 through 5 (of 5 total) * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [WP Hacked Twice](https://wordpress.org/support/topic/wp-hacked-twice/) * [orlo](https://wordpress.org/support/users/orlo/) * (@orlo) * [20 years, 5 months ago](https://wordpress.org/support/topic/wp-hacked-twice/page/3/#post-289483) * seems like they are using some exploit to get in. Looking at the log file you send me- wht other plugins are in your wordpress installation I saw ‘wp-amazon- plugin.php’ and SK2 anything else? And maybe you can send also the info for your friends plug ins… * If we assume for a second that wordpress doesn’t allow for any exploits- it should be one of the plugins… * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [WP Hacked Twice](https://wordpress.org/support/topic/wp-hacked-twice/) * [orlo](https://wordpress.org/support/users/orlo/) * (@orlo) * [20 years, 5 months ago](https://wordpress.org/support/topic/wp-hacked-twice/page/2/#post-289437) * the provider is looking at the issue on a general level – at least that was my understanding- they found a log file (created by the malicious script which listed all files that where infected… seems like they are going through their servers right now… maybe kestrel can tell you more as sson as they are done… * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [WP Hacked Twice](https://wordpress.org/support/topic/wp-hacked-twice/) * [orlo](https://wordpress.org/support/users/orlo/) * (@orlo) * [20 years, 5 months ago](https://wordpress.org/support/topic/wp-hacked-twice/page/2/#post-289430) * I talked to kestrel – and it seems the provider has a bigger problem… the log file shows that some script is spreading across different clients/users on the same server- so I am not really sure if WP was the problem to start with… but changing the access rights should help a little… I think the provider will eventually figure it out 😀 * seems like they are responding fast… * as i said before- seems like a couple of servers are affected (see google)… * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [WP Hacked Twice](https://wordpress.org/support/topic/wp-hacked-twice/) * [orlo](https://wordpress.org/support/users/orlo/) * (@orlo) * [20 years, 5 months ago](https://wordpress.org/support/topic/wp-hacked-twice/#post-289407) * I’ll try to get in touch with you via email. Although I think if you are really using the latest version- there might be a bigger problem. A quick search on google revealed that more people are having a similar problem. Found a wordpress 1.2.2 (see report here: [http://board.thefanlistings.org/index.php?showtopic=47631](http://board.thefanlistings.org/index.php?showtopic=47631)) anothe report here: [http://forum.powweb.com/showthread.php?p=345602](http://forum.powweb.com/showthread.php?p=345602) and someone on: PostNuke 0.7.6.1 * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [WP Hacked Twice](https://wordpress.org/support/topic/wp-hacked-twice/) * [orlo](https://wordpress.org/support/users/orlo/) * (@orlo) * [20 years, 5 months ago](https://wordpress.org/support/topic/wp-hacked-twice/#post-289404) * this seems indeed a little bit worrying. Since reading these posts I got confused abiout which version you exactly use. Probably it’s best to first check your xmlrpc.php file. Just in case (it’s still form the old version) * For the jvascript included there seems to be a quick work around… but we need to find the whole/problem they are using… Viewing 5 replies - 1 through 5 (of 5 total)