One of my clients was hacked with the so-called “Cannot redeclare” hack. It seems closely related to the nefarious TimThumb hack, so if you’ve been hit by either of these hacks, you should check for the other. Apparently these hacks affect shared servers, so if you host multiple WordPress sites, chances are high that they’re all infected.
This article is split into two parts for ez reference. First some information on the evil WordPress “Pharma Hack”, and then a recipe for protecting your site with a solid security lockdown. Choose your own adventure:
Update: Media Temple is saying (404 link removed 2013/10/11) that:
- They aren’t 100% sure the cause, but yes, it is their fault.
- About 10% of all (gs) users were affected.
- It’s not WordPress specific, it’s PHP specific.
- Definitely change your passwords, definitely don’t change it back to the original password.
… or slightly more accurately, that I don’t know how to write =)
I think it would be a cool format for a blog to have a title and a subtitle for every single Post. You could easily do it with Custom Fields, but this plugin would alter the Admin screen for writing posts to insert an additional text area underneath the title and above the content area.
Just recently my other blog CSS-Tricks was hacked. I first found out by a very helpful reader emailing me a screenshot from the mobile version of my site.