WordPress Error: The server XYZ at Magic Requires a Username and Password.
August 8, 2009
Here is a little surprise I received upon returning from vacation. I was editing a blog and when I went to save the post an error popped up reading:
The server (our server domain, e.g. DOMAIN.COM) at Magic requires a username and password.
Well isn’t that special?
The problem is caused by the vars.php file located in the WP-INCLUDES folder. Someone did a SQL Injection (Read More Here) and added code to the file.
The fix is an easy one – 2 steps:
Download a new version of the vars.php file from WordPress and replace the corrupted one. Look here – Simply choose your WordPress version
Update WordPress to the latest version!
Normally, the files starts:
* Creates common globals for the rest of WordPress
* Sets $pagenow global which is the current page. Checks
* for the browser to set which one is currently being used.
* Detects which user environment WordPress is being used on.
* Only attempts to check for Apache and IIS. Two web servers
* with known permalink capability.
* @package WordPress
But after it has been “hacked” there is encrypted text reading something like:
So once again, Look here – Simply choose your WordPress version, go to WP-INLUDES, download Vars.php and replace the one on your server. Then update WordPress for better security.