WordPress Security Alert – WP-PhpMyAdmin


WordPress Plugin Vulnerability

I started getting alerts from clients and so I needed to make you aware of something going on that likely does not affect you, but might.

An old plugin called WP-PhpMyAdmin, which its developer has not supported for several years, has been removed from the WordPress repository because it contains files that can expose your site to hacking.

This was done some time ago – but now someone is again badly exploiting the security hole and we’re seeing infected sites again.

This plugin should be used under NO circumstance.

If you have a brand new site, it's unlikely you are using it unless you (or your tech person) installed from an old backup. However, please check your site real quick for the presence of this, as it exposes your database (and all logins) to the outside world.

-Kimberly Castleberry
Your Partner In Online Success

PS: This site is now running the pre-release (RC1) version of WordPress 3.2. Though the ongoing #500 errors are not related, I’d appreciate any other bugs reported directly or reported to me. Please remember I beta test extensively and your bug reports help me ensure that a stable release is available to you when it goes live.

Related Posts:
http://blog.sucuri.net/2011/06/wp-phpmyadmin-wordpress-plugin-delete-it-now.html
http://www.wpsecuritylock.com/?p=5972
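
The check the post asks for can be run from a shell on the server. The script below is an added example, not part of the original post. It assumes the standard `wp-content/plugins` layout and that the plugin folder name starts with `wp-phpmyadmin` (any letter case); the function name `find_wp_phpmyadmin` is made up for this example.

```shell
#!/bin/sh
# Added example: list leftover WP-PhpMyAdmin folders under one or more web roots.
# Assumptions (not from the post): standard wp-content layout, and a plugin
# folder whose name starts with "wp-phpmyadmin" in any letter case.
# Needs a find that supports -iname/-mindepth/-maxdepth (GNU and BSD find do).

# find_wp_phpmyadmin ROOT...
# Prints one path per hit. Returns 0 if anything was found, 1 if all roots are clean.
find_wp_phpmyadmin() {
    found=$(
        for root in "$@"; do
            if [ ! -d "$root" ]; then
                echo "skipping $root: not a directory" >&2
                continue
            fi
            # Walk the whole tree so that blogs in subfolders and unpacked
            # old backups are covered, not only the top-level site.
            find "$root" -type d \
                \( -path '*/wp-content/plugins' -o -path '*/wp-content/mu-plugins' \) \
                2>/dev/null |
            while IFS= read -r plugin_dir; do
                # Only direct children of the plugin folder are plugin entries.
                find "$plugin_dir" -mindepth 1 -maxdepth 1 \
                    -iname 'wp-phpmyadmin*' 2>/dev/null
            done
        done
    )
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Stand-alone use: sh check.sh /var/www (the path is an example)
if [ "$#" -gt 0 ]; then
    find_wp_phpmyadmin "$@"
fi
```

Any path it prints should be deleted from the server, not just deactivated in the dashboard, because a deactivated plugin's files stay on disk and can still be requested over the web.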


Comments

  1. says

    Thanks for the heads up Kimberly! It’s a scary thought that one plugin might be a security hazard. Luckily I don’t use the WP-PhpMyAdmin on any of my WP sites.

  2. says

    Thanks a lot Kim! The tactics are new to me, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.
