[wp-hackers] Hacked blogs

Otto otto at ottodestruct.com
Sat Mar 28 14:29:46 GMT 2009


I have seen themes from some sites (I won't mention any names here)
that definitely do have backdoors in them. In one case, the code was
in the clear, in another, it was in an obfuscated footer.php file.

In general, if a theme has any obfuscated code in it, then I'd say
it's untrustworthy.

-Otto



On Fri, Mar 27, 2009 at 7:53 AM, Lynne Pope <lynne.pope at gmail.com> wrote:
> 2009/3/27 Rich Pedley <elflop at googlemail.com>:
>> With everyone mentioning, and concentrating on plugins, these days I'd
>> advise that you check themes as well.
>
> It seems Joost's Twitter post telling everyone to keep an eye on their
> blogs is getting attention. I had another person report the same hack,
> but this time on WP2.6.5.
>
> Plugins in common were only Akismet, Tweetbacks and Google Sitemaps.
>
> BUT, both sites are using the same premium/commercial theme which
> contains a lot of code.
> This may be coincidence but I couldn't spot any vulnerabilities in the
> plugins they have in common, or in their server setup. If there is a
> common vulnerability in 2.6.5 & 2.7.1 I didn't manage to find it.
>
> I was careful not to suggest the theme is the culprit but have advised
> them to contact the theme developer (hope they don't go off saying I
> am casting aspersions on the theme!!!!)
>
> Lynne
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
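Otto's rule of thumb, that obfuscated code in a theme is a reason to distrust it, can be run as a first-pass check over a theme directory before installing it. This is an added example, not code from the thread or from WordPress; the indicator patterns, the length thresholds and the sample strings are assumptions chosen for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed indicators (not from the thread): PHP idioms commonly used to hide
# code from a human reader. A hit means "review this file", not proof.
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)"
RULES = {
    # decoded data executed directly, e.g. eval(base64_decode(...))
    "eval-of-decoder": re.compile(r"\b(?:eval|assert)\s*\(\s*" + DECODERS + r"\s*\(", re.I),
    # stacked decoders, e.g. gzinflate(base64_decode(...))
    "nested-decoders": re.compile(DECODERS + r"\s*\(\s*" + DECODERS + r"\s*\(", re.I),
    # one quoted base64-alphabet run of 200+ characters (threshold is arbitrary)
    "long-encoded-literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    # strings spelled out as \xNN escapes
    "hex-escaped-string": re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}"),
}

def scan_source(text):
    """Return [(line_number, rule_name), ...] for one PHP source string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES.items():
            if rx.search(line):
                findings.append((lineno, name))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; return {relative_path: findings}."""
    root = Path(theme_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed samples: a plain footer and one carrying encoded content.
CLEAN = "<?php wp_footer(); ?>\n</body>\n</html>\n"
OBFUSCATED = ('<?php\neval(base64_decode("Q09OU1RSVUNURUQ="));\n'
              '$a = "' + "QUJD" * 60 + '";\n?>\n')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for rel, hits in scan_theme(sys.argv[1]).items():
            for lineno, rule in hits:
                print(f"{rel}:{lineno}: {rule}")
    else:
        print(scan_source(CLEAN), scan_source(OBFUSCATED))
```

Run it with the unpacked theme directory as the only argument. A clean result does not clear a theme, since a backdoor written in the clear, as in the first case mentioned above, matches none of these patterns.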

