38 posts Themes Kingdom - Kindom of Awesomeness
  • Elite Author
  • Envato Studio (Microlancer) Beta Tester
  • Most Wanted Bounty Winner
  • Has been a member for 3-4 years
  • Referred between 1 and 9 users
  • Sold between 100 000 and 250 000 dollars
  • Bought between 100 and 499 items
themeskingdom says

Seems like more and more themes are infected with the malware “(counter-wordpress.com)”. Things you need to do if your theme is infected:

- Open wp-config.php and delete everything after: require_once(ABSPATH . ‘wp-settings.php’);

- Open index.php and delete everything between:

require(’./wp-blog-header.php’); ... ?>

- Re-install WordPress from within the WordPress Dashboard. Sometimes this can fix the infection

- Replace timthumb.php with the latest version

- Clear your browser cache, cookies…

- Change your WordPress administration login details and MySQL passwords also

Read more here

1478 posts The right tools with none of the gimmicks
  • Sold between 50 000 and 100 000 dollars
  • Elite Author
  • Has been a member for 5-6 years
  • Referred between 50 and 99 users
  • Bought between 10 and 49 items
  • Contributed a Tutorial to a Tuts+ Site
  • Exclusive Author
  • United States
+1 more
PixelBin says

Thanks for the tips!

2051 posts
  • Has been a member for 4-5 years
  • Bought between 50 and 99 items
  • Exclusive Author
  • United States
Landonw says

Mind explaining the effects of this?

30 posts
  • Exclusive Author
  • Has been a member for 2-3 years
  • United States
PleaseR says
LandonWilson said
Mind explaining the effects of this?

It was greatly explained in the link he posted. http://blog.sucuri.net/2011/08/mass-infection-of-wordpress-sites-counter-wordpress-com.html

Thanks for the extra info dude.

2051 posts
  • Has been a member for 4-5 years
  • Bought between 50 and 99 items
  • Exclusive Author
  • United States
Landonw says

Ah – I didn’t notice it because TF links aren’t underlined and the green looks a bit like the black on my screen – sorry about that.

My client’s site wasn’t infected, and I was able to update timthumb.php quickly.

548 posts
  • Bought between 100 and 499 items
  • Has been a member for 4-5 years
  • Referred between 1 and 9 users
tonvie says

Thanks for the tip. Done all the updates. I’m still not clear on how to know if you’ve been infected though.

349 posts
  • Bought between 100 and 499 items
  • Has been a member for 5-6 years
  • United Kingdom
kops says

I got hit on one of my sites – the best way is to check your wp-config and see, at the end, if it has 100s of lines of whitespace, 30 lines of inserted code and another 100 or so lines of whitespace.

548 posts
  • Bought between 100 and 499 items
  • Has been a member for 4-5 years
  • Referred between 1 and 9 users
tonvie says

Thanks kops, checking now :)

271 posts
  • Exclusive Author
  • Has been a member for 4-5 years
  • Sold between 10 000 and 50 000 dollars
  • Bought between 1 and 9 items
  • Referred between 1 and 9 users
Anjum says

Thanks themeskingdom

I have updated script late night

3007 posts
  • Author had a File in an Envato Bundle
  • Bought between 1 and 9 items
  • Elite Author
  • Europe
  • Exclusive Author
  • Has been a member for 4-5 years
  • Referred between 100 and 199 users
+2 more
duotive says

Yeah… removed the infection for two customers who did not update the theme when we released the update… i presume there will be more to come!

by
by
by
by
by
by