A lot of sites are being hit by a recent SQL attack where codes are being injected to your site. This MySQL injection affects your permalinks by making them ineffective. As a result, your blog posts URLs will not work. Numerous WordPress blogs were targetted in this attack, Thanks to Andy Soward for bringing this to our attention.
There was one of the following codes that were added to your permalink structure due to this attack:
These quotes appended all permalinks on your site and it can only be changed if removed manually.
To fix this go to:
Settings > Permalinks and remove the above code and replace your default code.
Next thing you need to do is go to Users. You will see that there are more than one administrator. You won’t see their name listed, but you will see the count increased. So what you need to do is look at all users and find the last one who registered. Put your mouse over that user and get the link. Change the code userid= by adding 1 to that number. So if the last user who you can see was user #2 then add 1 to it and make it 3. You should find the hidden admin has a weird code as a first name. Delete the code and make him a subscriber. Then return and delete him.
This should fix the problem. You can also delete him by simply going to your PHPMyAdmin. Because you will see the user there.
We just wanted to get this news out as soon as we can, so our users can be updated. Please make sure that you check that your blog is not infected. We hope that WordPress come out with a release soon.
Also if you haven’t implement some of these measures to secure your WordPress Admin Area.
The database of my website has been injected few days ago, adding some strange characters and words after each post or page URL. I couldn’t find anything strange in the settings: permalinks or in the users menu. What to do to fix this problem, please? My hosting company has a backup of the infected database as well!
a wordpress user says
i was hit by this twice.
first time it was wassup plugin sql injection, this time im not sure. my hosting provider has blocked me.
once they restore my a/c i will remove wordpres.. I have had it!
Editorial Staff says
Perhaps its not WordPress fault, maybe your hosting security is just not as good…
What did you figure out with this? I was just hit with same issue. All my WP sites on my account are suffering the same problem.
Interesting url https://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/ linked from here shows blank page.
Code contains this comment: ‘‘.
That’s WP Super Cache’s bug http://wordpress.org/support/topic/315446, and it seems present here… So update WP Super Cache, please. I hope read that tips soon
Editorial Staff says
We really appreciate this comment, the issue was not with the WP Super Cache, we believe it was the plugin called WP External Link. We uninstalled and reinstalled WP-Super Cache twice, but then we compared the development server where everything worked fine. The difference was this plugin. When we removed that plugin it worked. You may now read that post.
Maybe that was WP External Link and Super Cache conflict…
I see my pasted WP-Super-Cache html comment above works as html comment and is invisible Text was “Page not cached by WP Super Cache. No closing HTML tag. Check your theme”.
So last Super Cache ver. promises to do not html validity check.
Oh, I’m reading!
Thanks a lot!
Roseli A. Bakar says
Thanks for highlighting this