Title: Possible WP 2.5.1 Exploit?
Last modified: August 19, 2016

---

# Possible WP 2.5.1 Exploit?

 *  Resolved [ffrebirth](https://wordpress.org/support/users/ffrebirth/)
 * (@ffrebirth)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/possible-wp-251-exploit/)
 * I recently upgraded to WordPress 2.5.1, and think that there may be some kind
   of exploit that allows someone to inject a virus into your files. Ever since
   I’ve upgraded, AVG has been picking up a “JS/Download.Agent” on my website, so
   I downloaded a hard copy of all my files and scanned them with AVG.
 * I found the virus in the file “wp-blog-header.php”, and then re-uploaded the 
   original file and my website was fine once again. However, this morning the same
   virus threat came up again and this time it’s not in wp-blog-header.php. (The
   virus threat only comes up on the pages that are running WP, so it must be something
   to do with a WP exploit or something like that.)
 * So I was wondering, has anyone else ever had something like this happen to them
   with WordPress 2.5.1?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [hotkee](https://wordpress.org/support/users/hotkee/)
 * (@hotkee)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/possible-wp-251-exploit/#post-793238)
 * Did you clear all your cache before re-uploading, including java/javascript?
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [17 years, 11 months ago](https://wordpress.org/support/topic/possible-wp-251-exploit/#post-793249)
 * > _(The virus threat only comes up on the pages that are running WP, so it must
   > be something to do with a WP exploit or something like that.)_
 * Maybe. Or your host (your blog server) might have already been compromised and
   the exploit keeps being re-added. Why do I think that is probably the case?
 * > _I recently upgraded to WordPress 2.5.1,_
 * The 2.5.1 upgrade was a security upgrade which by now should be code for “Now!
   Do it now. No joke, right now.” When you say you did it recently that tells us
   that you waited. Finding blogs running exploitable code is a trivial matter and
   you probably have been exploited already.
 * Take a look at [Donncha’s often quoted blog posting](http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/)
   and scroll down to the part that says “If you’ve been hacked”.
 * It should not need saying but make backups of your files and database and be
   prepared to restore them in case the Bad Thing happens (such as you bork your
   blog and it stops working).
 * If you can export your blog to a file (Manage -> Export) look over that file
   in a text editor and confirm that the virus you found is not there, then I suggest
   you start with a totally clean database, files, themes, etc. and build your blog
   from scratch using the exported data.
 * Good luck.
 *  Thread Starter [ffrebirth](https://wordpress.org/support/users/ffrebirth/)
 * (@ffrebirth)
 * [17 years, 11 months ago](https://wordpress.org/support/topic/possible-wp-251-exploit/#post-793275)
 * Hey,
 * I fixed the issue, thanks for your help everyone.
 * Turns out that it was my cache regurgitating old files, even though I’d cleared
   it once before already.
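
Added example, not part of the thread and not WordPress's own code: the first post found a changed `wp-blog-header.php` by scanning a downloaded copy of the site, and the moderator's reply recommends rebuilding from clean files. The sketch below compares a downloaded copy of the site against a clean unpack of the same release by SHA-256 and lists what differs. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict:
    """Map each file's path (relative to root) to the SHA-256 of its bytes."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file()
    }


def compare_trees(site_dir, clean_dir) -> dict:
    """Compare a copy of the live install against a clean copy of the same release."""
    site, clean = tree_hashes(Path(site_dir)), tree_hashes(Path(clean_dir))
    return {
        # Same path, different bytes: a shipped file was changed after install.
        "modified": sorted(f for f in clean if f in site and site[f] != clean[f]),
        # On the site only: uploads, plugins, themes, or files someone dropped in.
        "unexpected": sorted(f for f in site if f not in clean),
        # Shipped in the release but absent from the site.
        "missing": sorted(f for f in clean if f not in site),
    }


def demo() -> dict:
    """Build two small constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "wp-includes").mkdir(parents=True)
            (root / "wp-blog-header.php").write_text("<?php // constructed core file\n")
            (root / "wp-includes" / "version.php").write_text("<?php // constructed\n")
        # Constructed differences: one file appended to, one added, one deleted.
        with (site / "wp-blog-header.php").open("a") as fh:
            fh.write("<!-- constructed appended content -->\n")
        (site / "wp-includes" / "extra.php").write_text("<?php // constructed\n")
        (site / "wp-includes" / "version.php").unlink()
        return compare_trees(site, clean)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Files under `wp-content` (themes, plugins, uploads) will show up as "unexpected" because they are not part of the release archive, so those entries need a manual look rather than automatic deletion.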


The topic ‘Possible WP 2.5.1 Exploit?’ is closed to new replies.


 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [ffrebirth](https://wordpress.org/support/users/ffrebirth/)
 * Last activity: [17 years, 11 months ago](https://wordpress.org/support/topic/possible-wp-251-exploit/#post-793275)
 * Status: resolved

