My Blog Was Hacked + WordPress 3.3 Update Fatal Error!

TimThumb Vulnerability Hack Fix

I’ve always had a habit of ignoring WordPress updates because I have a belief that “if it ain’t broke, don’t fix it!”. Oh boy, that came back to bite me in the ass this morning.

So it began when I got a Google alert that a few of my blog posts had been picked up by Google’s search bots. “Great”, I thought, but wait… those posts looked a bit strange. On closer inspection, they were spam posts for sex performance drugs, using pictures of scantily clad women, on my blog!


“How did this happen??” I gasped! The links were coming directly from my blog, and the posts used the same theme as my blog!

Well, after much research, I found that there were quite a few security holes that needed to be plugged by the WordPress updates, as well as one in a common plugin called “Timthumb”. The scary thing is that this plugin can be exploited even if it’s in a theme that is not active!

Wow! So I updated my WordPress installation using the “automatic update”, and that got me a fatal error from one of my plugins. A double whammy in one morning! After almost two hours of troubleshooting, things are back to normal. I thought that, at the very least, I’d make a blog post out of it in case it helps any of you.

So here are the solutions, in case any of you encounter such a horror one day:

If you encounter a fatal error after upgrading to the latest WordPress build, chances are it’s caused by a plugin incompatibility. This effectively locks you out of the admin panel and is quite alarming. But don’t panic! The solution is to identify the offending plugin and deactivate it.

In my case, the culprit causing the fatal error in WordPress was the popular “Popup Domination” plugin.

The way to deactivate the plugin, and thus get access back to your control panel, is to simply rename the plugin folder using any FTP software. You can do this for specific plugins (just rename that plugin’s folder) or for the entire plugins folder (rename the “plugins” folder under “wp-content” to, say, “plugins-old”).

When WordPress can’t find the plugin (because you renamed it), all it does is deactivate it. This gets you back into the WordPress admin panel. Then you reactivate them one by one until you find the plugin that causes the error! When you know which plugin is the offending one, you can either delete it or replace it with an updated version, if one exists.

Now, about how to fix the “Timthumb” vulnerability. I found a simple solution on this post:

http://ravidreams.com/fix-timthumb-security-issue/

Basically, it’s just a matter of locating the “timthumb.php” file and replacing it with this one:

http://timthumb.googlecode.com/svn/trunk/timthumb.php
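Since the script can sit in any theme, active or not, the part that is easy to get wrong is finding every copy. As an added example (not code from the original post or from the TimThumb project), the POSIX shell script below walks a wp-content directory, finds every timthumb.php (and thumb.php, the other filename the same script is commonly shipped under), and reports any copy whose VERSION constant differs from a freshly downloaded reference copy. It assumes you have shell access to the files, or a local copy pulled down via FTP, and that the reference file is the one linked above saved locally; the sample tree built at the bottom is constructed for demonstration only.

```shell
#!/bin/sh
# Added example, not part of the original post: find every TimThumb copy under a
# WordPress install (inactive themes included) and report the ones that are not
# at the version of a reference copy you downloaded yourself.
set -eu

# Print the VERSION constant from a TimThumb file, e.g.  define ('VERSION', '2.8.10');
# Prints nothing if the file has no such line.
timthumb_version() {
    sed -n "s/.*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Usage: find_stale_timthumb <wp-content dir> <reference timthumb.php>
# Prints "<path> <version found>" for each copy not at the reference version;
# copies with no VERSION line at all are reported as "unknown".
find_stale_timthumb() {
    wp_content=$1
    ref_version=$(timthumb_version "$2")
    [ -n "$ref_version" ] || { echo "reference file has no VERSION constant" >&2; return 2; }
    # thumb.php is the other filename the script is often distributed under (assumption: adjust for your themes)
    find "$wp_content" -type f \( -name timthumb.php -o -name thumb.php \) | sort | while read -r f; do
        v=$(timthumb_version "$f")
        [ -n "$v" ] || v="unknown"
        if [ "$v" != "$ref_version" ]; then
            echo "$f $v"
        fi
    done
}

# Constructed sample tree for demonstration (not a real install): one theme with a
# current copy, one unused theme carrying an old copy under the alternate filename.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-content/themes/active-theme/scripts" \
             "$dir/wp-content/themes/old-unused-theme" \
             "$dir/ref"
    printf "<?php\ndefine ('VERSION', '2.8.10');\n" > "$dir/ref/timthumb.php"
    printf "<?php\ndefine ('VERSION', '2.8.10');\n" > "$dir/wp-content/themes/active-theme/scripts/timthumb.php"
    printf "<?php\ndefine ('VERSION', '1.34');\n"   > "$dir/wp-content/themes/old-unused-theme/thumb.php"
    echo "$dir"
}

# On a real site:  find_stale_timthumb /path/to/wp-content /path/to/downloaded/timthumb.php
```

Every path the script prints is one you still have to replace; an empty result means every copy already matches the reference. The version numbers in the sample tree are constructed values, not a statement about which TimThumb releases were affected.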

Now, I can’t say if this has permanently fixed the issue, but so far the offending spam posts have been removed and everything seems to be back to normal.

From now on, I will definitely make sure to keep WordPress updated – especially if any vulnerabilities have been found and fixed!


Leave A Reply (8 comments So Far)


  1. Marilu Stuart
    2 years ago

    I just updated my WordPress.org blog (will check on my .com blog tomorrow)….I know what you mean about not wanting to do updates in fear of loss, etc. Even though I back up every week…thanks for this post. Very helpful for those of us who have experienced a “panic” or two during an update… ;)


  2. Brian Wong
    2 years ago

    Yes, I did not want to update until I was forced to when spammers exploited vulnerabilities in the old version. Best to bite the bullet and stay up to date.


  3. Carsten
    2 years ago

    Thanks for the info Brian. Immediately when I saw your post I also updated my blog. Was already a few updates behind. Sorry you had to go through the trouble and had this stuff put on your page.


  4. Bruce Hunter
    2 years ago

    Brian. Thanks for the update here. What did you do to fix PopUpDomination and get it working again?


  5. Sardar
    2 years ago

    And Brian, please do not forget to change your passwords as well. They might sneak in again. This has happened to me quite a few times. So I have learnt the hard way to keep things updated always. Cheers.


  6. Brian Wong
    2 years ago

    Yes, I forgot to mention, that was the first thing I did. Thanks for making sure! :)


  7. Brian Wong
    2 years ago

    Hi Bruce – first of all, I got ZERO help from the popup domination support site. So I edited the script. It’s quite easy. After you de-activate the plugin, go back and rename the folder back to the original. Then, go into the folder and find the file named “popupdomination.php”. Open it with a text editor (I use Text Wrangler). Then find the line that says “wp_admin_css( ‘theme-editor’ );”. It’s near the top (around line 37 as I recall). Then just comment it out. Meaning add “//” to that line. So the line becomes “//wp_admin_css( ‘theme-editor’ );”. All this does is tell WordPress to ignore the reference to that line (which became redundant after the update). Then save the file and activate the plugin again and it should work. Hope that helps.


  8. Kent Chen
    2 years ago

    I’ve been using popup domination for a while, luckily I’ve never encountered such problems. I hope this doesn’t happen on my site. Thanks for writing this post Brian, it keeps us aware of things :)
