Title: SQL Injection hack
Last modified: August 19, 2016

---

# SQL Injection hack

 *  Resolved [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/)
 * Hey all,
 * I run around 15 sites that have all been upgraded to WordPress 2.8.4, I assumed
   this upgrade would fix a security flaw in previous versions of wordpress where
   someone could use a bit of sql and change the first account’s email and password.
 * The reason I did the upgrade is because I had a couple of them hacked in the 
   last couple of weeks. But I’ve noticed a couple of them have been hacked since
   I did the upgrade, using the same method.
 * Is there any way to lock down wordpress to make it more secure?
 * Regards
 * Paul

Viewing 9 replies - 1 through 9 (of 9 total)

 *  [Clayton James](https://wordpress.org/support/users/claytonjames/)
 * (@claytonjames)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181147)
 * [http://wordpress.org/support/topic/301710?replies=3](http://wordpress.org/support/topic/301710?replies=3)
 *  [figaro](https://wordpress.org/support/users/figaro/)
 * (@figaro)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181148)
 * I don’t think they could actually change the password…just trigger an email to
   the admin to change it…which could be an annoyance. You may want to watch the
   following video for some security ideas.
 *  [timjrobinson](https://wordpress.org/support/users/timjrobinson/)
 * (@timjrobinson)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181165)
 * I’ve been getting the same thing for the past few weeks 🙁
 * Just found [http://ocaoimh.ie/did-your-wordpress-site-get-hacked/](http://ocaoimh.ie/did-your-wordpress-site-get-hacked/)
   today, might help find where they are installing backdoors.
 *  Thread Starter [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181167)
 * [@figaro](https://wordpress.org/support/users/figaro/) no they can actually change
   the password and the email address it gets sent to. I know because I’ve been 
   cleaning up the mess for the last couple of weeks, a lot of my clients run wordpress
   sites too and they have had the same thing, some of them got fully hacked and
   had their website replaced with a grim reaper and link to some Iran security 
   forum.
 * – paul
 *  Thread Starter [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181168)
 * For example, one of my sites is currently down:
 * [http://www.paulpichugin.com/](http://www.paulpichugin.com/)
 * I’m going to fix it in the next couple of minutes
 * – paul
 *  [figaro](https://wordpress.org/support/users/figaro/)
 * (@figaro)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181171)
 * Just going by this…
 * [http://wordpress.org/development/2009/08/2-8-4-security-release/](http://wordpress.org/development/2009/08/2-8-4-security-release/)
 *  Thread Starter [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181176)
 * Well in total I’ve had 6 of my client sites hacked, some of them have just had
   the admin password reset, but others have had their entire site defaced, if they
   are defacing the site, I’m guessing they have remote control of it.
 * Also looking in the mySQL databases, the email account has been changed on all
   of them.
 * – paul
 *  Thread Starter [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181333)
 * I worked out how they were getting into the other sites, on the first site they
   hacked they put in a backdoor script in the uploads directory, a “r57 shell” 
   script.
 * If you get hacked, make sure you check for this script, another one had a back
   door called “c100”.
 * Both of these scripts gave them shell access to a lot of back end things.
 * – paul
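As an added illustration of the check paul describes (not code from the thread or from WordPress), the script below walks an uploads directory and reports anything that should not be there: PHP files of any kind (a WordPress uploads tree should hold media, never executable PHP), file names matching the two shell names mentioned in the thread, and non-PHP files whose first bytes are a PHP open tag. The sample directory tree it scans is constructed in a temporary folder; point `scan_uploads()` at a real `wp-content/uploads` path to use it on a site.

```python
"""Defender-side scan of a WordPress uploads directory for dropped PHP files.

Added example; not from the forum thread or the WordPress project.
The sample tree is constructed inline so the script runs stand-alone.
"""
import tempfile
from pathlib import Path

# Shell names taken from the thread (r57, c100). Any file name containing
# one of these under uploads deserves a look.
KNOWN_SHELL_NAMES = ("r57", "c100")

# Extensions a web server would execute as PHP. None belong under uploads.
PHP_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}


def scan_uploads(uploads_dir):
    """Return a sorted list of (relative_path, reason) findings.

    One file can yield several findings, e.g. a PHP file named r57.php
    is reported both as a PHP file and as a known shell name.
    """
    findings = set()
    root = Path(uploads_dir)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        name = path.name.lower()

        if suffix in PHP_EXTENSIONS:
            findings.add((rel, "php file under uploads"))
        if any(tag in name for tag in KNOWN_SHELL_NAMES):
            findings.add((rel, "name matches known shell"))

        # Look only at the first bytes: a disguised script (PHP inside a
        # .txt or .jpg) usually starts with the open tag.
        try:
            head = path.read_bytes()[:64]
        except OSError:
            continue
        if suffix not in PHP_EXTENSIONS and b"<?php" in head:
            findings.add((rel, "php code in non-php file"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed uploads tree in a temp dir and return its path.

    Contents are harmless stand-ins: a fake JPEG header, two files whose
    names mimic the shells named in the thread, and a plain text file.
    """
    d = Path(tempfile.mkdtemp(prefix="uploads_"))
    (d / "2009" / "08").mkdir(parents=True)
    (d / "2009" / "08" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg")
    (d / "2009" / "08" / "r57.php").write_bytes(b"<?php /* constructed stand-in */")
    (d / "c100.txt").write_bytes(b"<?php /* constructed stand-in */")
    (d / "notes.txt").write_bytes(b"plain text, nothing to see")
    return str(d)


if __name__ == "__main__":
    for rel, reason in scan_uploads(build_sample_tree()):
        print(f"{reason:28s} {rel}")
```

On the constructed tree this reports four findings: `2009/08/r57.php` twice (PHP file, known name) and `c100.txt` twice (known name, PHP code in a non-PHP file), while the JPEG and the plain text file pass. Findings are a prompt to inspect, not proof of compromise; a legitimate plugin occasionally stores PHP under uploads, so compare against a known-good copy of the site before deleting anything.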
 *  Thread Starter [paulmp](https://wordpress.org/support/users/paulmp/)
 * (@paulmp)
 * [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181342)
 * This was related to the issue with 2.8.3 but they managed to get remote access
   as well as reset the admin password.
 * Their SQL Injection helped them change the admin email at the same time as resetting
   the password.
 * I’ve worked out a resolution to change the first account to a dummy account that
   has minimal rights. That way, if they figure out how to target the first account
   again, they still don’t have access.
 * – paul

The topic ‘SQL Injection hack’ is closed to new replies.

## Tags

 * [Flaw](https://wordpress.org/support/topic-tag/flaw/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 9 replies
 * 4 participants
 * Last reply from: [paulmp](https://wordpress.org/support/users/paulmp/)
 * Last activity: [16 years, 10 months ago](https://wordpress.org/support/topic/sql-injection-hack/#post-1181342)
 * Status: resolved
