Title: Security Problem Last modified: August 18, 2016 --- # Security Problem * Resolved [angelbloom](https://wordpress.org/support/users/angelbloom/) * (@angelbloom) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/) * I recently had a security problem on my blog(s), [http://www.fractured-beauty.net](http://www.fractured-beauty.net). I’m not exactly sure what happened, but I visited my blog and I was bombarded by a number of popups, advertisements, and even viruses. * I looked around on my blog and I saw that some of my codes had been edited, mainly the sidebar, which had unfamiliar codes on it, and my footer. I fixed the problem, but went back through all of my templates and found this unfamiliar code at the bottom of almost all of my pages. * The code SHOULD be: * ` * but was this instead * ` * Was this just some hacker out to get me? or was it something i neglected to do security-wise with my wordpress installation? * note: i had NEVER given my password to anyone. nobody knows it but me, and nobody else uses my computer. Viewing 8 replies - 1 through 8 (of 8 total) * [moshu](https://wordpress.org/support/users/moshu/) * (@moshu) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287094) * Recently there was a similar report: [http://wordpress.org/support/topic/49693](http://wordpress.org/support/topic/49693) but as it turned out it was a bad script installed by the user, not WP> Did you install anything lately to your blog? A small counter… or anything? * Thread Starter [angelbloom](https://wordpress.org/support/users/angelbloom/) * (@angelbloom) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287095) * this happened to two of my blogs. they have nothing in common, really, no plugins that match, no counters, etc. i have counters on my first blog that have been there for about two years, so i doubt that it what is causing it. * my other blog, on the other hand, has no plugins, no stats, no nothing, and also had the exact same problem. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287097) * angelbloom, * a quick google of some of what you pasted indicates that that is NOT related to any plugin you have installed.. and a look at the other post shows even the casual observer that what they pasted does not resemble what you pasted. You have dirs other than your image directory that are world writable (777)? If so, i reccommend changing those permissions asap. * there is base64 decoder available on the net at [http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx](http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.aspx) for anyone that comes across what seems like uninteligible strings such as these.. * Thread Starter [angelbloom](https://wordpress.org/support/users/angelbloom/) * (@angelbloom) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287098) * thanks a lot! I’ll try it. from last night, when i removed those tags, my blog has been really quiet. i changed the permissions to 666 instead. it seemed that this post had the exact same problem i did: * [http://wordpress.org/support/topic/44318#post-276216](http://wordpress.org/support/topic/44318#post-276216) * and they were suggested the same thing. thanks a lot, we’ll see if it works. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287101) * thats not the same problem (on the surface) The script they pasted is java encoded, not base64. Though it may very well be the same thing its not immediately identifiable as being so. * Regardless of that, Im happy that you didnt assume it was a plugin, and let it go. I checked your site and you are going to need to make the upgrade to 1.5.2, as you appear to be using 1.5 still. Updates might be time consuming in the here and now, but when they address security issues can save a lot more heartache down the road. * aditionally, if you have anything using php on your site other than what you already indicated, chances are that same code is somewhere within that, as well. * Thread Starter [angelbloom](https://wordpress.org/support/users/angelbloom/) * (@angelbloom) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287476) * anybody know where it could be coming from? is it being automatically generated or did someone like…do it? lol * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287481) * someone, like, did it. world writable dirs (777) are an absolute no-no.word-writable files are worse. * And like I have already said, it is a MUST that you keep current on updates. Thats a responsibilty that comes with running ANY software application, be it remote or locally. * Thread Starter [angelbloom](https://wordpress.org/support/users/angelbloom/) * (@angelbloom) * [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287502) * thanks. i have updated to 1.5.2 because of the problems that i got. thanks a lot for the help whooami ^^ Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘Security Problem’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 8 replies * 3 participants * Last reply from: [angelbloom](https://wordpress.org/support/users/angelbloom/) * Last activity: [20 years, 6 months ago](https://wordpress.org/support/topic/security-problem-2/#post-287502) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics