How To Fix Wordpress Invisible Administrator Hack
by admin on Mar.10, 2010, under SEO and Online Marketing
Recently I noticed that my last 3 posts were suddenly attributed to an unknown user (El****less77). I knew this was abnormal since I am the only one currently posting on this blog.
I checked my user list and Administrator list, and could not find anything relating to that user ID.
After a long search on the Internet, I found a crude way to solve it, thanks to http://www.journeyetc.com/uncategorized/wordpress-permalink-rss-problems/
1. Open up the Users panel on your Wordpress admin, and go to Administrator section.
2. View the Page Source code, and search for the name (El****less77, or whatever is in your case).
You will find code similar to the following:
<tr id='user-2'>
  <th scope='row' class='check-column'><input type='checkbox' name='users[]' id='user_2' class='administrator' value='2' /></th>
  <td><strong><a href="user-edit.php?user_id=2&wp_http_referer=%2Fsomething%2Fwp-admin%2Fusers.php%3Frole%3Dadministrator">El****less77</a></strong></td>
  <td> </td>
  <td><a href='mailto:test@test.com' title='e-mail: test@test.com'>test.test.com</a></td>
  <td>Administrator</td>
  <td class='num'><a href='edit.php?author=2' title='View posts by this author' class='edit'>3</a></td>
</tr></tbody>
3. Look at the URL of your admin panel: http://www.thinkerati.com/whiterabbit/wp-admin/users.php?role=administrator
4. Cut the domain/folder portion and combine it with the “user-edit.php?user_id=?” portion of the code you found.
Example:
http://www.thinkerati.com/whiterabbit/wp-admin/user-edit.php?user_id=2
5. Set a new password for this account, assign a new email address that you control, and set the account level to Subscriber.
6. Save, then go back to the admin panel for Subscribers and delete this account. Don’t forget to attribute the posts from this account to one of your own accounts so they don’t get deleted.
WIN.
And don’t forget to upgrade your WordPress. Apparently this issue can affect WordPress versions older than 2.8.4.
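Steps 2 to 4 as an added example (not code from the original post): a Python script that reads a saved copy of the Administrators page source, collects every user-edit.php link, and builds the edit URL for any account whose ID is not in a set you know to be legitimate. The `known_ids` parameter and the two sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse


class UserRowParser(HTMLParser):
    """Collect (user_id, link text) for every user-edit.php link in the page source."""

    def __init__(self):
        super().__init__()
        self.rows = []
        self._uid = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and urlparse(href).path.endswith("user-edit.php"):
            ids = parse_qs(urlparse(href).query).get("user_id")
            if ids:
                self._uid, self._text = ids[0], []

    def handle_data(self, data):
        if self._uid is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._uid is not None:
            self.rows.append((self._uid, "".join(self._text).strip()))
            self._uid = None


def unexpected_admins(page_source, admin_url, known_ids):
    """Return (user_id, name, edit_url) for listed accounts not in known_ids."""
    parser = UserRowParser()
    parser.feed(page_source)
    return [
        (uid, name, urljoin(admin_url, "user-edit.php?user_id=" + uid))
        for uid, name in parser.rows
        if uid not in known_ids
    ]


# Constructed sample: two rows in the shape of the snippet above.
SAMPLE = """
<tr id='user-1'><td><strong><a href="user-edit.php?user_id=1">admin</a></strong></td></tr>
<tr id='user-2'><td><strong><a href="user-edit.php?user_id=2&wp_http_referer=%2Fwp-admin%2Fusers.php">El****less77</a></strong></td></tr>
"""
ADMIN_URL = "http://www.thinkerati.com/whiterabbit/wp-admin/users.php?role=administrator"

if __name__ == "__main__":
    for row in unexpected_admins(SAMPLE, ADMIN_URL, known_ids={"1"}):
        print(row)
```

Save the page source from your own logged-in session and pass the IDs of the administrator accounts you created yourself as `known_ids`; anything returned is an account to review with steps 5 and 6.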
March 11th, 2010 on 3:45 pm
Awesome post. Thank you so much! I had an invisible admin and was able to delete using your instructions. It was interesting because of two reasons.
#1. I have WP 2.8.4. So either the hack was from an earlier version of WP or 2.8.4 is susceptible.
#2. The “name” of the user (not “username”) was this long string of code that started with…
var setUserName
ANY IDEA what damage could have been done or how to investigate?
March 12th, 2010 on 8:58 am
Not sure about the damage, but it would be wise to change your admin and any other crucial passwords :)
April 4th, 2010 on 6:59 pm
Really informative post! Thanks for the details.
April 7th, 2010 on 10:28 pm
One great plugin I’ve begun to use is Wordpress File Monitor. This plugin scans your Wordpress installation and reports if any files have been added, deleted, or changed. The plugin is customizable to run on a schedule that you set. You can also exclude directories from the plugin’s reporting so that you’re not alerted every time you upload a picture to insert into a post. I, however, recommend that you do not exclude directories as that directory may be the next location of the next exploit.