3.5 wp_admin/options.php

A closing tag isn’t required. wp-config.php is another file where you can quickly see the same behavior.

right. so why am I getting slammed with bogus bots, accessing all my admin files ?
and getting bad links coming in.
have located all the bad malicious injection codes, I think. yet it seems to be increasing.

tried some htaccess blocks, but then my images don’t show up.

this is getting old.

right. so why am I getting slammed with bogus bots, accessing all my admin files ?
and getting bad links coming in.

It isn’t because of the lack of a closing php tag in options.php.

Start by working your way through this information:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

ClaytonJames, I have spent two solid weeks now going thru all that. have failed to find one real doc telling what exactly chmod each directory and file within it should have to enable me to access, the blog to access it, and to keep invaders out.
oh, there’s one, but doesn’t really tell you the numbers. like 755, or 644, and which files, etc.
have made myself almost blind going thru each file multi times. have deleted blocks and blocks of malicious code. and the malicious links to my site still keep coming, in fact have increased. and I would really like to block every darn bot and robot on the planet right now, including Google.
have upgraded, deleted unused and questionably useful but old plugins. themes. etc. etc. etc.
am using a great plugin for all those 404’s now: Not Found Children. at least until I can fix this, if it can be fixed.
But I will look at those links to see if there’s something I missed.
so, thanks.

BTW, the blog really works fine, it’s just those darn incoming malicious links.

have failed to find one real doc telling what exactly chmod each directory and file within it should have to enable me to access, the blog to access it, and to keep invaders out.
oh, there’s one, but doesn’t really tell you the numbers. like 755, or 644, and which files, etc.

Ten seconds of searching on this very site will set you on course with that information: Permission Scheme for WordPress

If you read all that info, you can see that it’s not always cut and dried. Permissions and ownership can vary depending on the environment and safety mechanisms being used; although you seem to have some knowledge of where to start, because as a whole, in a properly configured shared environment, 0755 for directories and 0644 for files is usually fine.

Have you contacted your host at any point and advised them that you have been having issues? That’s usually step one. They will also be able to tell you what your file and directory permissions should be for your particular environment. If you are having issues with unwanted code being placed INSIDE of files located on your web space, then you definitely need to contact your host. It may be a case of intrusion from somewhere on your own server (if shared).

the malicious links to my site still keep coming, in fact have increased. and I would really like to block every darn bot and robot on the planet right now…
…BTW, the blog really works fine, it’s just those darn incoming malicious links

Frankly, I’m not completely sure exactly what that implies: Are you just getting tons of comment spam? If so, do you use any anti-spam measures? Or is actual code being written into the files within your web space?

Contact your host. They should be able to help set you on the right path. If you’re actually suffering from a hack of some sort, they will also want to know about it.

First, that Permissions doc is more confusing than ever.
I’m the only user allowed. except for a couple ‘aliases’, that are also me.
but neither aliases are admin. just authors. (Is that clear?)
I use an old Dreamweaver on my MacBook Tiger. for editing and FTPing.
(I do have Leopard on my upgraded Powerbook G4)

I have access of course to my cPanel, and file manager, which I can use to change permissions, and view and edit files, etc. and to get to the MySQL, and the phpMyAdmin Manager.

I did contact my SiteGround host, and got one little hint that a malicious code had been added to a file. had to ask them what file, and what code. but they said to clean it up for me I would have to pay them $100 plus. gads, why did I end up there? already paying them over $230 a year for two domains. on shared servers. Linux.

I am not a wiz, but not a noobie either. tho sometime I feel like one.

I wanted to cleanup as much as I could before upgrading. was using an old version of WP cuz I have this old theme I use. and was afraid new upgrades would break it, as it has in the past.

but trying the 3.5 on a MAMP on my Mac with the old theme seemed to work okay, so was ready to upgrade finally.

used the auto upgrade included with WP version I was using. which does not remove all the old files. I just went thru and eliminated a lot of those a little while ago.

Yes, I was getting a lot of comment spam. using Akismet to monitor. now more plugin stuff. turned off comments.

but seems like after upgrading getting more and more bots hitting the login with ‘admin’ and incoming links like this:
https://blog.talesofkingtut.com/order-hoodia-online/
one of the nicer ones. but now using the NotFound plugin.
so
using the WordFence plugin, it looks like I may have cleaned it up. the last old plugin eliminated with malicious code in it. surprise! it was the Google Adsense Deluxe one.

So now, I need to protect my files. and what codes should I use to keep them out? Directory wp-admin 755? and all files in it 644?
and they all seem to try to hit my wp_content/upload directory too.
how do I protect that?
Tried an htaccess, but then my images did not appear in the blog.

so anymore direct advice welcome. please don’t refer me to another confusing doc. I’ve been thru dozens of them.

Thanks again, Clayton.

use this plugin “wsd security” it’ll tell you your weeknesses