WordpressHere is a little surprise I received upon returning from vacation. I was editing a blog and when I went to save the post an error popped up reading:

  • The server (our server domain, e.g. DOMAIN.COM) at Magic requires a username and password.

Well isn’t that special?

The problem is caused by the vars.php file located in the WP-INCLUDES folder. Someone did a SQL Injection (Read More Here) and added code to the file.

The fix is an easy one – 2 steps:

  1. Download a new version of the vars.php file from WordPress and replace the corrupted one. Look here – Simply choose your WordPress version
  2. Update WordPress to the latest version!

Normally, the files starts:

<?php
/**
 * Creates common globals for the rest of WordPress
 *
 * Sets $pagenow global which is the current page. Checks
 * for the browser to set which one is currently being used.
 *
 * Detects which user environment WordPress is being used on.
 * Only attempts to check for Apache and IIS. Two web servers
 * with known permalink capability.
 *
 * @package WordPress
 */

But after it has been “hacked” there is encrypted text reading something like:

eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZT....

So once again, Look here – Simply choose your WordPress version, go to WP-INLUDES, download Vars.php and replace the one on your server. Then update WordPress for better security.

17 Thoughts on “WordPress Error: The server XYZ at Magic Requires a Username and Password.”

Leave a Reply

Your email address will not be published. Required fields are marked *