Hacking of wp-config.php resolved

  • I’ve just managed to resolve a hacking issue that’s popped up for the second time. I don’t know what the exact issue is, or where it started, I’m hoping the community could help resolve this for me.

    Every once in a while my wp-config.php gets hacked and the following line gets added:

    require(‘/usr/www/users/SITENAME/wp-content/uploads/2009/05/themes.php’);

    It’s happened twice now, both instances also create the file themes.php.
    I then copy all the .jpg files in 2009/05, delete the other files created (it numbers in the hundreds of garbage files).

    Symptoms I normally get are:

      Links that get referred via Google end up on a blank page.
      There are links referring to movie websites in the footer
      The site load times double
      The homepage shows no new content – it stays the same as the first date of the hack.
      The admins don’t see the hack at all, it only gets displayed to non-admins.

    I’ve locked my wp-config file to 640 now, as well as locked the 2009/05/ directory. I’d really like to know what the source of this hack is, so if anyone else has also experienced this, or knows how to solve it I would greatly appreciate it!

  • The topic ‘Hacking of wp-config.php resolved’ is closed to new replies.