Beginner's Guide for WordPress / Start your WordPress Blog in minutes

WordPress SQL Injection – Latest Attack

A lot of sites are being hit by a recent SQL attack where codes are being injected to your site. This MySQL injection affects your permalinks by making them ineffective. As a result, your blog posts URLs will not work. Numerous WordPress blogs were targetted in this attack, Thanks to Andy Soward for bringing this to our attention.

There was one of the following codes that were added to your permalink structure due to this attack:



These quotes appended all permalinks on your site and it can only be changed if removed manually.

To fix this go to:

Settings > Permalinks and remove the above code and replace your default code.

Next thing you need to do is go to Users. You will see that there are more than one administrator. You won’t see their name listed, but you will see the count increased. So what you need to do is look at all users and find the last one who registered. Put your mouse over that user and get the link. Change the code userid= by adding 1 to that number. So if the last user who you can see was user #2 then add 1 to it and make it 3. You should find the hidden admin has a weird code as a first name. Delete the code and make him a subscriber. Then return and delete him.

This should fix the problem. You can also delete him by simply going to your PHPMyAdmin. Because you will see the user there.

We just wanted to get this news out as soon as we can, so our users can be updated. Please make sure that you check that your blog is not infected. We hope that WordPress come out with a release soon.

Also if you haven’t implement some of these measures to secure your WordPress Admin Area.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit – a collection of WordPress related products and resources that every professional should have!

Reader Interactions

8 CommentsLeave a Reply

  1. The database of my website has been injected few days ago, adding some strange characters and words after each post or page URL. I couldn’t find anything strange in the settings: permalinks or in the users menu. What to do to fix this problem, please? My hosting company has a backup of the infected database as well!

  2. i was hit by this twice.

    first time it was wassup plugin sql injection, this time im not sure. my hosting provider has blocked me.

    once they restore my a/c i will remove wordpres.. I have had it!

    • We really appreciate this comment, the issue was not with the WP Super Cache, we believe it was the plugin called WP External Link. We uninstalled and reinstalled WP-Super Cache twice, but then we compared the development server where everything worked fine. The difference was this plugin. When we removed that plugin it worked. You may now read that post.


      • Maybe that was WP External Link and Super Cache conflict…
        I see my pasted WP-Super-Cache html comment above works as html comment and is invisible :) Text was “Page not cached by WP Super Cache. No closing HTML tag. Check your theme”.
        So last Super Cache ver. promises to do not html validity check.

        Oh, I’m reading!
        Thanks a lot!

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.