WordPress Security Alert – WP-PhpMyAdmin

June 23, 2011 · 4 comments


WordPress Plugin Vulnerability

I started getting alerts from clients and so I needed to make you aware of something going on that likely does not affect you, but might.

There is an old plugin called WP-PhpMyAdmin that has been unsupported by its developer for several years and has been removed from the WordPress repository because it contains files that can expose your site to hacking.

This was done some time ago – but now someone is again badly exploiting the security hole and we’re seeing infected sites again.

This plugin should be used under NO circumstances.

If you have a brand new site, it's unlikely you are using it unless you (or your tech person) installed from an old backup. However, please check your site real quick for the presence of this plugin, as it exposes your database (and all logins) to the outside world.

-Kimberly Castleberry
Your Partner In Online Success

PS: This site is now running the pre-release (RC1) version of WordPress 3.2. Though the ongoing #500 errors are not related, I’d appreciate any other bugs reported directly or reported to me. Please remember I beta test extensively and your bug reports help me ensure that a stable release is available to you when it goes live.

Related Posts:
http://blog.sucuri.net/2011/06/wp-phpmyadmin-wordpress-plugin-delete-it-now.html
http://www.wpsecuritylock.com/?p=5972
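
One way to run the check suggested above across one or many WordPress installs, as an added example that is not part of the original post. It assumes the plugin directory name starts with `wp-phpmyadmin` under `wp-content/plugins` (the post does not give the path); the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the plugin sits in a directory whose name starts with
# "wp-phpmyadmin" (any letter case) under wp-content/plugins.

# find_wp_phpmyadmin ROOT
# Prints each matching directory, one per line. Returns 0 when at least
# one copy exists, 1 when the tree is clean. Deactivated or renamed copies
# (e.g. "wp-phpmyadmin.old") are reported too: the files are still on disk.
find_wp_phpmyadmin() {
    _root="${1:-.}"
    _hits="$(find "$_root" -type d -path '*/wp-content/plugins/*' \
                 -iname 'wp-phpmyadmin*' -prune -print 2>/dev/null | sort)"
    [ -n "$_hits" ] || return 1
    printf '%s\n' "$_hits"
}

# make_sample_tree: constructed directory layout for trying the scan offline.
# Prints the path of the temporary web root it created.
make_sample_tree() {
    _tmp="$(mktemp -d)"
    mkdir -p "$_tmp/site-a/wp-content/plugins/akismet" \
             "$_tmp/site-b/wp-content/plugins/WP-PhpMyAdmin/phpmyadmin" \
             "$_tmp/site-c/wp-content/plugins/wp-phpmyadmin.old" \
             "$_tmp/site-d/wp-content/themes/wp-phpmyadmin"
    printf '%s\n' "$_tmp"
}

# Scan the web root given as the first argument, if any.
if [ -n "${1:-}" ]; then
    if find_wp_phpmyadmin "$1"; then
        echo "WP-PhpMyAdmin found: delete the directories listed above." >&2
    else
        echo "No copy of WP-PhpMyAdmin under $1." >&2
    fi
fi
```

Run it with the web root as the only argument; on the constructed tree it reports the copies in `site-b` and `site-c` and ignores the unrelated theme directory in `site-d`.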


Daisy June 23, 2011 at 3:02 pm

Thanks for the heads up Kimberly! It’s a scary thought that one plugin might be a security hazard. Luckily I don’t use the WP-PhpMyAdmin on any of my WP sites.


Mika Castro January 23, 2012 at 12:15 am

Thanks a lot Kim! The tactics are new to me, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.


Shelley Alexander December 20, 2012 at 5:59 pm

Hi Kim,
Thanks for bringing this hacking issue to light along with offering practical solutions for dealing with it.