Thursday, June 24, 2010

WordPress.Org and system users

If you notice you have these two strange users in your Wordpress: WordPress.Org, system - then it's very clear your site was compromised and you need to take some steps:

1) Remove those users, preferably manually with phpmyadmin
2) Check your template and your posts for modifications or hidden links insertions
3) Update Wordpress to the latest version
4) Look for backdoors in your .php files, generally malicious stuff is encoded, so check for "eval (" calls.