Here is a little surprise I received upon returning from vacation. I was editing a blog and when I went to save the post an error popped up reading:
Well isn’t that special?
The problem is caused by the vars.php file located in the wp-includes folder. Someone performed a SQL injection (Read More Here) and added code to the file.
The fix is an easy one – 2 steps:
Normally, the file starts:
<?php
/**
 * Creates common globals for the rest of WordPress
 *
 * Sets $pagenow global which is the current page. Checks
 * for the browser to set which one is currently being used.
 *
 * Detects which user environment WordPress is being used on.
 * Only attempts to check for Apache and IIS. Two web servers
 * with known permalink capability.
 *
 * @package WordPress
 */
But after it has been “hacked” there is encrypted text reading something like:
So once again, look here – simply choose your WordPress version, go to wp-includes, download vars.php and replace the one on your server. Then update WordPress for better security.
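An added example, not part of the original post: before replacing vars.php, it is worth checking whether it is the only altered file. The sketch below goes beyond the single file discussed above and compares every PHP file under wp-includes against a clean copy of the same WordPress version. The function names and the two-directory layout are assumptions, and the sample trees are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256(path):
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare_core(clean_root, live_root, subdir="wp-includes"):
    """Compare PHP files under subdir of the live site with a clean copy."""
    clean_dir, live_dir = Path(clean_root) / subdir, Path(live_root) / subdir
    clean = {p.relative_to(clean_dir).as_posix() for p in clean_dir.rglob("*.php")}
    live = {p.relative_to(live_dir).as_posix() for p in live_dir.rglob("*.php")}
    return {
        # Present in both trees but with different contents (e.g. injected code).
        "modified": sorted(f for f in clean & live
                           if sha256(clean_dir / f) != sha256(live_dir / f)),
        # Shipped with this version but absent on the server.
        "missing": sorted(clean - live),
        # On the server but not part of the clean release.
        "unexpected": sorted(live - clean),
    }

def build_sample():
    """Constructed sample: a clean tree and a live tree with a tampered vars.php."""
    base = Path(tempfile.mkdtemp())
    header = "<?php\n/**\n * Creates common globals for the rest of WordPress\n */\n"
    for name in ("clean", "live"):
        inc = base / name / "wp-includes"
        inc.mkdir(parents=True)
        (inc / "vars.php").write_text(header)
        (inc / "version.php").write_text("<?php\n// constructed placeholder\n")
    live_inc = base / "live" / "wp-includes"
    # Constructed stand-in for text added ahead of the normal header; not real malware.
    (live_inc / "vars.php").write_text("<?php /* CONSTRUCTED-INJECTED-LINE */ ?>" + header)
    (live_inc / "extra.php").write_text("<?php // constructed extra file\n")
    return base / "clean", base / "live"

if __name__ == "__main__":
    clean_root, live_root = build_sample()
    for kind, files in compare_core(clean_root, live_root).items():
        print(f"{kind}: {files}")
```

For a real check, point clean_root at the unpacked archive of your exact WordPress version and live_root at a copy of the site's files.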