38 posts Themes Kingdom - Kindom of Awesomeness
  • Trendsetter
  • Author Level 9
  • Elite Author
  • Featured Author
+6 more
themeskingdom
says

Seems like more and more themes are infected with the malware “(counter-wordpress.com)”. Things you need to do if your theme is infected:

- Open wp-config.php and delete everything after: require_once(ABSPATH . ‘wp-settings.php’);

- Open index.php and delete everything between:

require(’./wp-blog-header.php’); ... ?>

- Re-install WordPress from within the WordPress Dashboard. Sometimes this can fix the infection

- Replace timthumb.php with the latest version

- Clear your browser cache, cookies…

- Change your WordPress administration login details and MySQL passwords also

Read more here

1479 posts The right tools with none of the gimmicks
  • Affiliate Level 4
  • Author Level 7
  • Beta Tester
  • Collector Level 2
+7 more
PixelBin
says

Thanks for the tips!

2067 posts
  • Collector Level 3
  • 5 Years of Membership
  • Exclusive Author
  • United States
Landonw
says

Mind explaining the effects of this?

30 posts
  • 4 Years of Membership
  • Exclusive Author
  • United States
PleaseR
says
LandonWilson said
Mind explaining the effects of this?

It was greatly explained in the link he posted. http://blog.sucuri.net/2011/08/mass-infection-of-wordpress-sites-counter-wordpress-com.html

Thanks for the extra info dude.

2067 posts
  • Collector Level 3
  • 5 Years of Membership
  • Exclusive Author
  • United States
Landonw
says

Ah – I didn’t notice it because TF links aren’t underlined and the green looks a bit like the black on my screen – sorry about that.

My client’s site wasn’t infected, and I was able to update timthumb.php quickly.

548 posts
  • 5 Years of Membership
  • Affiliate Level 1
  • Collector Level 4
  • United States
tonvie
says

Thanks for the tip. Done all the updates. I’m still not clear on how to know if you’ve been infected though.

386 posts
  • 6 Years of Membership
  • Collector Level 5
  • United Kingdom
kops
says

I got hit on one of my sites – the best way is to check your wp-config and see, at the end, if it has 100s of lines of whitespace, 30 lines of inserted code and another 100 or so lines of whitespace.

548 posts
  • 5 Years of Membership
  • Affiliate Level 1
  • Collector Level 4
  • United States
tonvie
says

Thanks kops, checking now :)

275 posts
  • Trendsetter
  • Affiliate Level 2
  • Author Level 5
  • 5 Years of Membership
+2 more
Anjum
says

Thanks themeskingdom

I have updated script late night

3007 posts
  • 5 Years of Membership
  • Affiliate Level 5
  • Author Level 9
  • Bundle Boss
+8 more
duotive
says

Yeah… removed the infection for two customers who did not update the theme when we released the update… i presume there will be more to come!

by
by
by
by
by
by