Forum Replies Created

Viewing 11 replies - 1 through 11 (of 11 total)
  • Disabling or upgrading the sideblog plugin worked for me.

    Forum: Fixing WordPress
    In reply to: I got hacked today

    Hi becs,
    I was hacked too a couple of days ago, and I don’t think our problems are related but just in case: check out what I did to improve security and maybe we can narrow the problem down to one or two plugins.

    Thread Starter iamzero

    (@iamzero)

    I don’t think the problems of this other user are related; I don’t use the Bad Behaviour Plugin and in my case, it didn’t look like page.php was hacked.

    I have however succeeded in ‘surviving’ for two days now. This is what I did:
    – I password-protected /wp-admin
    – I upgraded the MistyLook theme that I was using (3.2) to the latest version (3.5)
    – I upgraded Sideblog WordPress Plugin from 4.3 I was using to 4.4
    – I removed /wp-admin/install.php. Visiting this page resulted in the message that WP was already installed, but in my log files I saw that the hacker managed to get to /wp-admin/install.php?step=2. Maybe this is useful information for a possible security hole in WP 2.3.1, I don’t know.

    Anyhow, all these measures seem useful but I still don’t know what caused the trouble to begin with. Other plugins that I use are Akismet 2.0.2, Maintenance Mode 3.2, RunPHP 2.2.2, Lightbox JS v2.03.3 and WP-Polls 2.21.
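The log check mentioned in the reply above (requests reaching /wp-admin/install.php?step=2), as an added example that is not part of the original post or of WordPress: it scans access-log lines for requests to the installer and groups them per client. The combined log format, the function names and the sample lines are assumptions, constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

# Assumed Apache/Nginx "combined" format:
# ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def installer_hits(lines):
    """Return every request whose path is /wp-admin/install.php, with its step value."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        raw_path, _, query = m["target"].partition("?")
        # Decode, collapse duplicate slashes and lowercase so variants still match.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if not path.endswith("/wp-admin/install.php"):
            continue
        step = parse_qs(query).get("step", [""])[0]
        hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                     "step": step, "status": int(m["status"])})
    return hits

def by_client(hits):
    """Group (step, status) pairs per client IP for review."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[h["ip"]].append((h["step"], h["status"]))
    return dict(grouped)

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [12/Dec/2007:10:01:02 +0100] "GET /wp-admin/install.php HTTP/1.1" 200 1234 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [12/Dec/2007:10:01:09 +0100] "POST /wp-admin/install.php?step=2 HTTP/1.1" 200 2210 "-" "Mozilla/4.0"',
    '198.51.100.4 - - [12/Dec/2007:10:02:00 +0100] "GET /index.php HTTP/1.1" 200 8000 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [12/Dec/2007:10:05:00 +0100] "GET //wp-admin/Install.php?step=1 HTTP/1.1" 404 300 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, seen in by_client(installer_hits(SAMPLE)).items():
        print(ip, seen)
```

On a site that is already installed, any entry with a non-empty step and a 200 status is worth comparing against the time of the compromise.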

    Thread Starter iamzero

    (@iamzero)

    Disabling the registration of new members is of course quite simple, but even after doing so, I was hacked yet again. I now password-protected the /wp-admin directory and I disabled some plugins, but I would be very grateful if someone could help me find the flaw in my security settings.

    Thread Starter iamzero

    (@iamzero)

    Does no one have the same problem? And if so, could anyone explain why a clean install would help when I already have uploaded the latest files?

    Thread Starter iamzero

    (@iamzero)

    Oops, sorry… like I thought I said… ??

    Thread Starter iamzero

    (@iamzero)

    Like I said, I’ve tested this on the default 2.3 theme, so I guess it’s there in the correct place:

    <?php if (have_posts()) : ?>
    
    		<?php while (have_posts()) : the_post(); ?>
    
    			<div class="post" id="post-<?php the_ID(); ?>">
    				<h2><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></h2>
    				<small><?php the_time('F jS, Y') ?> <!-- by <?php the_author() ?> --></small>
    
    				<div class="entry">
    					<?php the_content('Read the rest of this entry &raquo;'); ?>
    				</div>
    
    				<p class="postmetadata"><?php the_tags('Tags: ', ', ', '<br />'); ?> Posted in <?php the_category(', ') ?> | <?php edit_post_link('Edit', '', ' | '); ?>  <?php comments_popup_link('No Comments »', '1 Comment »', '% Comments »'); ?></p>
    			</div>
    
    		<?php endwhile; ?>

    I’m having exactly the same problem but I wonder why a clean install would be necessary; the /wp-includes/wp-classes.php will still not exist after a clean install (/wp-includes/classes.php does exist, but I’ve got the latest version so how would a clean install make any difference?)

    Any help would still be appreciated.

    Thread Starter iamzero

    (@iamzero)

    Thanks so much! It turns out that the Theme Preview Plugin caused the problem (although I couldn’t trace the space).

    Thread Starter iamzero

    (@iamzero)

    Delete it out of where? I checked /wp-includes/feed-rss2.php (which is a new file in WP 2.2) but I don’t see anything wrong there.

    (this was a reply to a deleted reply…)

    Thread Starter iamzero

    (@iamzero)

    Feed Validator says the following:

    This feed does not validate.
    line 1, column 1: XML parsing error: <unknown>:1:1: xml declaration not at start of external entity [help]
    01. <?xml version="1.0" encoding="UTF-8"?>

    There seems to be a space before ‘<?xml’… but does that really cause the problem? And if so, how to get rid of it?
