My Blog Was Hacked + WordPress 3.3 Update Fatal Error!

I’ve always had a habit of ignoring WordPress updates because I have a belief that “if it ain’t broke, don’t fix it!” Oh boy, that came back to bite me in the ass this morning.

So it began when I got a Google alert that a few of my blog posts had been picked up by Google’s search bots. “Great”, I thought, but wait…those posts looked a bit strange. On closer inspection, they were spam posts for sex performance drugs, using pictures of scantily clad women on my blog!

“How did this happen??” I gasped! The links were coming directly from my blog and the posts used the same theme as my blog!

Well, after much research, I found that there were quite a few security holes that needed to be plugged by the WordPress updates, as well as one in a widely used image-resizing script called “TimThumb” (timthumb.php) that many themes bundle. The scary thing is that this script can be exploited even if it sits in a theme that is not active: by default the web server will run any PHP file under wp-content that is requested by URL, whether or not WordPress is currently using that theme.

Wow! So I updated my WordPress installation using the “automatic update”, and that got me a fatal error with one of my plugins. A double-whammy in one morning! After almost two hours of troubleshooting, things are back to normal. I thought that at the very least, I’d make a blog post out of it in case it helps any of you.

So here are the solutions in case any of you encounter such a horror one day:

If you encounter a fatal error after upgrading to the latest WordPress build, chances are it’s caused by a plugin incompatibility. WordPress loads every active plugin before it renders any page, so a fatal error in one plugin takes down the front end and the admin panel alike. This effectively locks you out of the admin panel and is quite alarming. But don’t panic! The solution is to identify the offending plugin and deactivate it.

In my case, the culprit causing the fatal error in WordPress was the popular “Popup Domination” plugin.

The way to deactivate the plugin, and thus restore your access to the control panel, is simply to rename the plugin’s folder using any FTP client. You can do this for a specific plugin (rename just that plugin’s folder) or for all of them at once (rename the “plugins” folder under “wp-content” to, say, “plugins-old”).

When WordPress can’t find a plugin’s files (because you renamed the folder), it simply marks that plugin as deactivated, which gets you back into the WordPress admin panel. Rename the folder back to its original name, then reactivate the plugins one by one until you find the one that causes the error. A shortcut: the fatal error message itself (on the blank page, or in the web server’s PHP error log) names the file that failed, and its path under wp-content/plugins/ tells you which plugin it belongs to. Once you know which plugin is the offender, you can either delete it or replace it with an updated version if one exists.
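As an added example that is not from the original post, here is the same rename-and-check procedure done from a shell on the server instead of over FTP: each plugin folder is renamed out of the way in turn and the site is re-checked, and the one whose removal makes the site load again is reported. It assumes you have shell access and a command that tells you whether the site loads (a curl against the admin URL, shown in the header comment; https://example.com is a placeholder for your blog, and the “.disabled” suffix is my own choice). Because WordPress deactivates a plugin whose files it cannot find, check the Plugins screen afterwards and switch the innocent ones back on.

```shell
#!/bin/sh
# find_bad_plugin.sh -- locate the plugin that fatals a WordPress site by
# disabling plugin folders one at a time (the rename trick from the post,
# done from a shell instead of an FTP client).
#
# Usage: find_bad_plugin.sh /path/to/wp-content/plugins "<check command>"
#
# The check command must exit 0 when the site loads and non-zero when it
# does not. A typical one (https://example.com is a placeholder):
#   curl -s -o /dev/null -w '%{http_code}' https://example.com/wp-admin/ | grep -q '^[23]'
# A plugin fatal error answers with HTTP 500, so that pipeline keeps failing
# until the offending plugin is out of the way.

# site_ok CHECK_CMD: run the check command; success means the site loads.
site_ok() {
    sh -c "$1" >/dev/null 2>&1
}

# find_bad_plugin PLUGINS_DIR CHECK_CMD
# Renames each plugin folder to NAME.disabled, re-runs the check, and puts
# the folder back if the site is still broken. Prints the name of the plugin
# whose removal made the site load and leaves that one disabled.
find_bad_plugin() {
    plugins_dir=${1%/}
    check=$2

    if site_ok "$check"; then
        echo "site already loads; nothing to do" >&2
        return 1
    fi

    for dir in "$plugins_dir"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue
        case "$dir" in *.disabled) continue ;; esac   # left over from a previous run
        name=$(basename "$dir")
        mv "$dir" "$dir.disabled"
        if site_ok "$check"; then
            echo "$name"            # this is the culprit; it stays disabled
            return 0
        fi
        mv "$dir.disabled" "$dir"   # innocent: restore it and keep looking
    done

    echo "no single plugin fixed the site; try renaming the whole plugins folder" >&2
    return 1
}

if [ "$#" -eq 2 ]; then
    find_bad_plugin "$1" "$2"
fi
```

The script only touches one folder at a time and restores it before moving on, so the site is never left with more disabled than the single plugin that caused the problem.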

Now, about how to fix the “Timthumb” vulnerability. I found a simple solution on this post:

Basically, it’s just a matter of locating the “timthumb.php” file (check every theme folder, not just the active theme’s, since each copy is reachable on its own) and replacing it with this one:

Now, I can’t say whether this has permanently fixed the issue, but so far the offending spam posts have been removed and everything seems to be back to normal. Bear in mind that replacing the script only closes that entry point; it does not undo anything that was done through it, so it is also worth checking for admin users you did not create and for PHP files under wp-content that don’t belong to WordPress, a theme or a plugin, and changing your passwords.
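As an added example that is not from the original post, this is the check I would run before and after replacing the script, and it also illustrates the point above about inactive themes: it lists every copy of timthumb.php under wp-content, active theme or not, plus any PHP file sitting in an uploads or cache folder, where neither WordPress nor a theme should put one. It assumes shell access to the server and takes the wp-content path as an argument (the path in the usage line is a placeholder). thumb.php is included because TimThumb is often shipped under that name.

```shell
#!/bin/sh
# audit_wp_content.sh -- list every copy of TimThumb under wp-content, active
# theme or not, plus PHP files in places where no PHP belongs.
# Usage: audit_wp_content.sh /path/to/wp-content   (path is a placeholder)

# timthumb_copies DIR: every timthumb.php or thumb.php below DIR, one path per
# line. Copies in themes that are not active are still served by the web
# server, so every one of them has to be replaced.
timthumb_copies() {
    find "${1%/}" -type f \( -name timthumb.php -o -name thumb.php \) | sort
}

# stray_php DIR: PHP files under any uploads/ or cache/ folder. WordPress
# stores media in uploads and TimThumb writes resized images into a cache
# folder; neither should ever contain PHP, so anything listed deserves a look.
stray_php() {
    find "${1%/}" -type f -name '*.php' \
        \( -path '*/uploads/*' -o -path '*/cache/*' \) | sort
}

# audit_wp_content DIR: print both reports with headings.
audit_wp_content() {
    echo "== TimThumb copies (replace every one, not just the active theme's) =="
    timthumb_copies "$1"
    echo "== PHP files under uploads/ or cache/ (should be none) =="
    stray_php "$1"
}

if [ "$#" -eq 1 ]; then
    audit_wp_content "$1"
fi
```

Run it once before the fix to see how many copies you have to replace, and again afterwards; a non-empty second list is a sign that something besides the script itself needs cleaning up.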

From now on, I will definitely make sure to keep WordPress updated – especially if any vulnerabilities have been found and fixed!


8 thoughts on “My Blog Was Hacked + WordPress 3.3 Update Fatal Error!”

  1. Marilu Stuart

    I just updated my blog (will check on my .com blog tomorrow)….I know what you mean about not wanting to do updates in fear of loss, etc. Even though I back up every week…thanks for this post. Very helpful for those of us who have experienced a “panic” or two during an update… ;)

  2. Brian Wong Post author

    Yes, I did not want to update until I was forced to when spammers exploited vulnerabilities in the old version. Best to bite the bullet and stay up to date.

  3. Carsten

    Thanks for the info Brian. Immediately when I saw your post I also updated my blog. Was already a few updates behind. Sorry you had to go through the trouble and had this stuff put on your page.

  4. Sardar

    And Brian, please do not forget to change your passwords as well. They might sneak in again. This has happened to me quite a few times. So I have learnt the hard way to keep things updated always. Cheers.

  5. Brian Wong Post author

    Hi Bruce – first of all, I got ZERO help from the Popup Domination support site. So I edited the script. It’s quite easy. After you de-activate the plugin, go back and rename the folder back to the original. Then go into the folder and find the file named “popupdomination.php”. Open it with a text editor (I use Text Wrangler). Then find the line that says “wp_admin_css( 'theme-editor' );”. It’s near the top (around line 37 as I recall). Then just comment it out, meaning add “//” to that line, so the line becomes “//wp_admin_css( 'theme-editor' );”. All this does is tell WordPress to ignore the reference on that line (which became redundant after the update). Then save the file and activate the plugin again and it should work. Hope that helps.

  6. Kent Chen

    I’ve been using Popup Domination for a while; luckily I’ve never encountered such problems. I hope this doesn’t happen on my site. Thanks for writing this post Brian, it keeps us aware of things :)
