To my horror a few hours ago I discovered that one of my major blogs — http://howtoplaza.com — was hacked (read about the latest hacker attacks on WordPress blogs). I did some research and most of the solutions I found were quite vague, and the WordPress website doesn’t even mention the attack, let alone the solution.
How do you know your WordPress blog is hacked? An obscure string is appended to your post URL. You’ll see something like:
/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/
Simple solution if your WordPress blog is hacked
If you can log into your WordPress admin area you’ll notice there is another admin! Delete him or her immediately.
Please remember that this solution worked on my blog maybe because the hacker didn’t get enough time to mess around much.
- If you’re able to log in, immediately upgrade your WordPress installation files. I did an automatic upgrade from the Dashboard area.
- Then go to Settings and from there go to Permalinks. This is where you can rectify the problem. The active permalink has the extra string. Correct the permalink setting, and save it. Your blog starts working.
I don’t know if it is a permanent or a temporary solution, but none of my blog posts were loading, and now all are loading.