raychaser42
Forum Replies Created
-
Forum: Plugins
In reply to: [Embedly] TinyMCE breaks in WP 3.7.1It’s actually not resolved. See post about my clarification.
In the absence of a solution we needed to stop using the plugin.
Forum: Plugins
In reply to: [Embedly] TinyMCE breaks in WP 3.7.1I think you misunderstand. There are no buttons involved here. The embedly plugin is interfering with our site’s basic tinymce:
We haven’t even tried to embed anything yet.
Forum: Fixing WordPress
In reply to: helo.php security vulnerabilityOk, so to follow up what likely happened was a site we’d forgotten was on our VPS had a wootheme with a timthumb vulnerability.
Through this vulnerability the malicious script was able to gain access to our other accounts and place the evil plugin on a number of our other WordPress sites.
What a pain! Still, could’ve been worse
Thanks to everyone’s help and for the links to those bullet-proofing WordPress articles.
Forum: Fixing WordPress
In reply to: helo.php security vulnerabilityworth a shot but….
A). We’re on OSX here and
B). We keep our passwords locked up really tight (i.e. always encrypted and never typed).I know that OSX viruses aren’t unheard of but I’m more inclined to lean towards the file permissions thing.
Anyway I’ll post back here if I learn anything more so that people can learn from my ways. 🙂
BTW. Does anyone know if there are security problems with the BackWPup plugin? It’s a common element on all the sites.
Forum: Fixing WordPress
In reply to: helo.php security vulnerabilityThanks. Most of this I’m already doing. I’m in touch with my host too to see if they can trace it. Likely it’s something to do with the way the permissions are set up.
Unfortunately we’ve got multiple infections across a bunch of sites so it’s going to take time to de-louse this whole mess but luckily I’ve got the whole thhing in source control so it’s a quick revert for the files.
Am I correct in assuming that if they were able to install a rogue plugin they had access to one of the WP account usernames and passwords?
