Title: WordPress 2.6 posts hacked Last modified: August 19, 2016 --- # WordPress 2.6 posts hacked * [hilaryjb](https://wordpress.org/support/users/hilaryjb/) * (@hilaryjb) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/) * I’m getting pharmaceutical spam inserted into the body of my posts. Usually with a stylesheet (from mcasro.org) hiding the text from visitors, occasionally not. * I’ve been reading up on possible causes and eliminating one after another: - there are no extra users in the database - there are no unwanted active plugins disguised as image files - there is no code in my active theme with `eval(` or `base64` - nor yet in the main script files, except in wp-app.php where it’s meant to be. - nor anything in theme or script files with ‘beliy’ or ‘keymachine’ or ‘seogoogle’ or any of the other things you’re advised to search for - recently changed my admin password to something very obscure - all files have good permissions - I’ve overwritten files faithfully when upgrading – apart from wp-config, see below * There was a brief interval when theme files were left at 777, hence all my searching in there for anything alien. Can’t find anything. And until yesterday I hadn’t upgraded wp-config.php for years. Done that now… but since it could be a month before the next attack, I’ve no way of telling whether this will have made any difference. * I need help. * Anyone? Viewing 7 replies - 1 through 7 (of 7 total) * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840855) * are you getting this **after** having done all of the above? because really, about the only thing I would recommend that you didnt mention doing is changing the mysql passwd. you can safely assume that’s been compromised, even if it hasnt. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840856) * and btw, kudos, **serious** kudos for you — for not only searching around and doing your homework, but for giving all the recommendations you read up on a go. * oops, i did forget one other thing .. plugins… * check that none of your plugin versions are on here, at the least. * [http://www.milw0rm.com/search.php?dong=wordpress](http://www.milw0rm.com/search.php?dong=wordpress) * then make sure youre upgraded. * [@mercime](https://wordpress.org/support/users/mercime/) * (@mercime) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840859) * Try [#1 and #2 solution here](http://wordpress.org/support/topic/195163?replies=12#post-824387) as well. The database fix video in solution #1 and if all fails, solution #2. Good luck. * Thread Starter [hilaryjb](https://wordpress.org/support/users/hilaryjb/) * (@hilaryjb) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840869) * Thanks very much for the responses! Much appreciated. The downside of using WordPress is feeling very much alone when things go pear-shaped. * Yes, the problem still occurred after doing all the above – the only exception is updating wp-config.php. Trouble is, there’s no positive way to tell if the problem’s fixed, as there tends to be a delay of a month or more between attacks… * I don’t have any of those plugins – and thank you for the list, as I was wondering how to check for vulnerabilities there. * How to change the mysql password and not break the blog? Do I just change it in Cpanel and edit wp-config.php? * As you can probably tell from that question, I’m not an expert. 😉 I’m really short of time and wholly lacking in knowledge to fix this. (Does anyone sell WP tech support?) * I will look at solutions #s 1 and 2, thank you, and try them when I feel brave. * Thread Starter [hilaryjb](https://wordpress.org/support/users/hilaryjb/) * (@hilaryjb) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840921) * Turns out #1 is what I’d already done, looking for added active plugins. But the music’s good. 😉 * Any advice on changing the mysql password, anyone? * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-840935) * > How to change the mysql password and not break the blog? Do I just change it > in Cpanel and edit wp-config.php? * Yes.. **assuming that you are using the same mysql password that is used for your ftp login, and cpanel login**. Cpanel is set up so that one password affects everything. Change your password there, change your wp-config.php and remember that the next time you try to access cpanel or use your ftp client, you will need to use that same password. * Thread Starter [hilaryjb](https://wordpress.org/support/users/hilaryjb/) * (@hilaryjb) * [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-841002) * I have different Mysql users and passwords for each database, so I created a new user with access to the blog db, put this one in wp-config.php, and deleted the old one. Nothing broke 🙂 * Would anyone like to guess what are the chances that this will have solved the problem? Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘WordPress 2.6 posts hacked’ is closed to new replies. ## Tags * [exploit](https://wordpress.org/support/topic-tag/exploit/) * [post spam](https://wordpress.org/support/topic-tag/post-spam/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 7 replies * 3 participants * Last reply from: [hilaryjb](https://wordpress.org/support/users/hilaryjb/) * Last activity: [17 years, 9 months ago](https://wordpress.org/support/topic/wordpress-26-posts-hacked/#post-841002) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics