[wp-hackers] WP exploit , was Re: [Webmaster Central Help] Site hacked.

Jeremy Clarke jer at simianuprising.com
Wed Dec 2 18:30:00 UTC 2009

It's also worth going through any media uploads added since the attack
and making sure they are really images (downloading them to OSX and
checking that they have thumbnails in them worked for me). Some might
be PHP files that are being loaded somehow, depending on your server

For the actual core files its definitely worth completely deleting
wp-admin and wp-includes and replacing them entirely with pristine
versions, nothing really to lose there.

Jeremy Clarke
Code and Design | globalvoicesonline.org

More information about the wp-hackers mailing list