OT: Decrypting PHP preg_replace Strings

J. Landman Gay jacque at hyperactivesw.com
Mon Dec 26 01:43:29 EST 2011

On 12/25/11 9:28 PM, Sivakatirswami wrote:
> We have hackers on our web server getting in thru one Domain... I think
> there is a whole in WordPress.

My hosting provider, JaguarPC, just released this notice four days ago. 
Sounds like a similar thing.

Wordpress Security Advisory

     We are currently seeing a high number of Wordpress installations 
being hacked due to out of date scripts, plugins, and themes. The folks 
at Wordpress are very good about releasing fixes whenever they hear 
about a new exploit. Please take some time to check your installations 
and update everything noted in your WP admin panel under Updates 
including anything installed such as a theme or plugin that is not 
currently being used. Consider removing unused items for better security.

     Wordpress 3.3 was just released as well as updates for their 2 
default themes.

     Now is also a good time to harden the security of your blogs. There 
are lots of things you can do to protect your blogs from hacking. 
WPsecure has tips and info on recent exploits. See also Hardening 
WordPress « WordPress Codex . Many more tips are available by using 
search engines to search for "securing wordpress". A little time spent 
now on this can prevent huge headaches and downtime in the future.

     There are numerous security plugins you can install such as Login 
Lockdown, WP Security Scan, and Mute Screamer. I highly recommend them.

     Before making any changes, be sure to make a full backup of your 
account in your control panel under Backups. Wordpress users should also 
be doing routine database backups either with a cron job or a plugin 
named WordPress Database Backup. The database is the heart and soul of 
any blog. Scripts can easily be reinstalled but not lost data without 
current backups.


Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com

More information about the Use-livecode mailing list