I've moved! I've moved my online home to mikejolley.com, and thats where I'll be blogging primarily. This site will stay live for archive purposes :)

Possible wordpress/server exploit?

October 19, 2008 | Published in: Out of the Blue | Tags: 2

In the last week a few of our blogs have been hit by some malicious JavaScript which won’t let you leave the page and will display adverts for dodgy malware scanners. Somehow the JavaScript was inserted into the index.php file in the site root. I’m not 100% sure how it was exploited, but in case you come across it, the code is inserted below the html tag in the index.php file so delete that code; I also recommend changing the file permissions to 444 (read only) just in case.

Found this post useful? Why not buy me a coffee!

Related Entries

  • No related posts found

2 Responses to “Possible wordpress/server exploit?”

RSS feed for comments on this post.

  1. Aaron says:

    I had a similar problem last month, even though I had the latest WordPress version installed. If you’d view the pages’ source, you’d see lines and lines of js, and all google ads would be replaced with po*n & spyware banners.

    Comment made on October 19, 2008 at 8:03 pm

  2. Anthony Brewitt says:

    I have the same problem on a sites running a few different version of WP. Changing file permissions seems to do the trick. Take note: it affects all index.php’s; root index.php, wp-admin/index.php and wp-content/index.php – make all read only!

    Comment made on October 20, 2008 at 12:53 pm

The comments are closed.

About this site

Blue Anvil is the online web design journal & portfolio of , a web designer from Norfolk, England. Read More »
MiniCard Theme for WordPress

  • Featured work - More

    • Beefjack
    • Integrity
    • theotaku.com

  • Latest Tweet - More

    • @pippinsplugins Thanks. We're rewriting all those queries anyway (queryposts uh oh)

  • Out of the blue - More

    • Download Monitor 3.3.5 Tagged for release

      The latest update to Download Monitor for WordPress has been released; this version comes with a many fixes and some new features, such as improved sorting. For full details view the readme; you can grab the plugin here.

    • Closing the Forums

      Just posting to let current users know that I’m closing the forum on Blue-Anvil. This is mainly due to spam-registrations getting out of hand and being a general nuisance. I will be posting good topics as FAQ items within posts if applicable.

      Please note that you can still post and get help for my plugins/themes by posting on the wordpress.org website.

    • Show off your MiniCard!

      Are you a user of the WordPress MiniCard theme? Its been downloaded over 14,000 times so far!

      If you have used it as-is, made your own child-theme or done something creative with it, please show off your MiniCard’s in the comments, I’d love to see how the theme is being used!

    • Spam Stopper updated for WordPress 3.0

      My Spam Stopper plugin has been updated for WordPress 3.0 (version 3.1.3) – you can grab it here. Sorry this update took longer than my other plugins but this one gets less lovin’ – if you want to change that feel free to donate, spread the word, or rate it on the WordPress.org plugin page.