Title: Roadwolf's Replies | WordPress.org

---

# Roadwolf

  [  ](https://wordpress.org/support/users/roadwolf/)

 *   [Profile](https://wordpress.org/support/users/roadwolf/)
 *   [Topics Started](https://wordpress.org/support/users/roadwolf/topics/)
 *   [Replies Created](https://wordpress.org/support/users/roadwolf/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/roadwolf/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/roadwolf/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/roadwolf/engagements/)
 *   [Favorites](https://wordpress.org/support/users/roadwolf/favorites/)

 Search replies:

## Forum Replies Created

Viewing 7 replies - 1 through 7 (of 7 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Repeated Hacks at SQL Level.](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/)
 *  Thread Starter [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/#post-5113768)
 * Sorry for my previous post.. It was a tad lazy on my part to post that. I didn’t
   mean any disrespect.
 * Since that post however I think I did find a deeply hidden php hack file (PHP_Nuke*),
   inside the root directory of my server, hidden inside cpanel files (great work
   hosting company!).
 * That being said I host several websites, and they all share that common root 
   directory. Only my main blog was being targeted. But then again, I do sometimes
   post some controversial content on my blog, and wouldn’t be surprised if this
   was someone who wanted it to disappear.
 * It has been secure since I discovered and removed that file, and did another 
   complete wipe, and install. I also changed the SQL database and deleted all the
   tables except my posts. Then imported my posts to the newly installed database.
   The “All In One WordPress Security Plugin” has been great in preventing further
   attacks however. It is reporting that I am getting over 1000 IP’s (likely proxies)
   attempting brute force ‘admin’ login hacks an hour. The login attempts have now
   switched to using ‘test’ as a login instead of admin. So it is someone who really
   wants to get in.
 * To answer some questions however:
 * “All In One WordPress Security Plugin” Plugin Version: 3.7.7
    WP Version: 3.9.1
   MySQL Version: 5.1.63 PHP Version: 5.2.17 Apache version 2.2.22
 * I am using the F2 Theme.
 * Blog is located at roadwolf.ca
 * I have not used or heard of the MailPoet plugin. The only real plugin I dealt
   with at one time aside from Akismet was the Jetpack plugin package.
 * My hacker goes by the name Moroccan Double Agent.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Repeated Hacks at SQL Level.](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/)
 *  Thread Starter [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/#post-5113730)
 * I have read all of what Jan posted before. And re-reviewed the links, but they
   did not really help too much.
 * The “All In One WordPress Security Plugin” that Ross posted, I really like.
 * Taking all the information into consideration, I did a full filesystem wipe last
   night including all my uploads and other files not associated with WordPress.
   I Then changed databases, and database user/password (to randomized names). I
   scanned the old database and manually went thru it, looking at anything suspicious,
   deleting many tables which didn’t look legit vanilla wordpress.
 * I installed a fresh install of wordpress install from wordpress.org and a fresh
   new theme. linked to the new database. I did not upload anything else, and simply
   just got my blog working again.
 * Sure enough, tonight right on schedule, the file change scanner in the “All In
   One WordPress Security Plugin” informed me of file changes in every .php file
   in wordpress.
 * I am thinking there is a vulnerability within wordpress itself which is being
   exploited. This is also what my host is suggesting.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Repeated Hacks at SQL Level.](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/)
 *  Thread Starter [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/repeated-hacks-at-sql-level/#post-5113650)
 * Hmm Okay. Well I only use Akismet as a plugin. But I will try that.
 * Also of note, whenever I try to update or install a new theme I get the following
   errors about update.php.
 * Warning: An unexpected error occurred. Something may be wrong with WordPress.
   org or this server’s configuration. If you continue to have problems, please 
   try the support forums. (WordPress could not establish a secure connection to
   WordPress.org. Please contact your server administrator.) in /wp-includes/update.
   php on line 119
 * Warning: An unexpected error occurred. Something may be wrong with WordPress.
   org or this server’s configuration. If you continue to have problems, please 
   try the support forums. (WordPress could not establish a secure connection to
   WordPress.org. Please contact your server administrator.) in /wp-includes/update.
   php on line 287
 * Warning: An unexpected error occurred. Something may be wrong with WordPress.
   org or this server’s configuration. If you continue to have problems, please 
   try the support forums. (WordPress could not establish a secure connection to
   WordPress.org. Please contact your server administrator.) in /wp-includes/update.
   php on line 435
 * I tried re-uploading a fresh copy of update.php a few times and that didn’t seem
   to solve it.
 * –
 * I will try the above mentioned plugin to see what it will find. I think the update.
   php issue may be a hint.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Comments not submitting](https://wordpress.org/support/topic/comments-not-submitting-2/)
 *  Thread Starter [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/comments-not-submitting-2/#post-4131279)
 * I tried it in the 2013 theme, and still had issues. I have disabled the Jetpack
   Comments module inside Jetpack and it is working fine now. I posted on Jetpack’s
   support page.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Comments not submitting](https://wordpress.org/support/topic/comments-not-submitting-2/)
 *  Thread Starter [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [12 years, 8 months ago](https://wordpress.org/support/topic/comments-not-submitting-2/#post-4131166)
 * Hmmm, it seems that it is Jetpack which is causing the problem. I disabled the
   plugins, and then started them up again, and when Jetpack was re activated, comments
   stopped working. Mind you I only use Jetpack and Akismet, so I don’t really run
   too many plugins.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How to remove hidden admin](https://wordpress.org/support/topic/how-to-remove-hidden-admin/)
 *  [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [16 years, 8 months ago](https://wordpress.org/support/topic/how-to-remove-hidden-admin/#post-1201570)
 * Yeah, what the hacker did to my site was create that hidden admin name, log in
   and change the permalinks to redirect to another site. I didn’t bother even looking
   to see what tags he entered, I just switched it back to my default style without
   his customized tags. This is of course after i removed him, and at the same time
   as i removed him, i updated wordpress, deleting all my files except my local 
   photos, theme and config file, and completely reinstalling. The theme looks unaltered.
   But if anyone else has experienced someone editing their theme, let me know.
 * My hackers username was RodrigoFitzgerald85
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How to remove hidden admin](https://wordpress.org/support/topic/how-to-remove-hidden-admin/)
 *  [Roadwolf](https://wordpress.org/support/users/roadwolf/)
 * (@roadwolf)
 * [16 years, 8 months ago](https://wordpress.org/support/topic/how-to-remove-hidden-admin/#post-1201539)
 * You have to go into phpMyAdmin to fix this. Find users, browse the section, and
   you will see a list of all your users. go to the back of the list and you will
   see the latest entries. for me, the hacker used some .ru domains to sign up. 
   I deleted those from the SQL table and the user was no more.

Viewing 7 replies - 1 through 7 (of 7 total)