WordPress Error: The server XYZ at Magic Requires a Username and Password.

WordpressHere is a little surprise I received upon returning from vacation. I was editing a blog and when I went to save the post an error popped up reading:

  • The server (our server domain, e.g. DOMAIN.COM) at Magic requires a username and password.

Well isn’t that special?

The problem is caused by the vars.php file located in the WP-INCLUDES folder. Someone did a SQL Injection (Read More Here) and added code to the file.

The fix is an easy one – 2 steps:

  1. Download a new version of the vars.php file from WordPress and replace the corrupted one. Look here – Simply choose your WordPress version
  2. Update WordPress to the latest version!

Normally, the files starts:

<?php
/**
 * Creates common globals for the rest of WordPress
 *
 * Sets $pagenow global which is the current page. Checks
 * for the browser to set which one is currently being used.
 *
 * Detects which user environment WordPress is being used on.
 * Only attempts to check for Apache and IIS. Two web servers
 * with known permalink capability.
 *
 * @package WordPress
 */

But after it has been “hacked” there is encrypted text reading something like:

eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZT....

So once again, Look here – Simply choose your WordPress version, go to WP-INLUDES, download Vars.php and replace the one on your server. Then update WordPress for better security.

Categories Uncategorized

Tags Authentication Blog software Data management Hack Magic Password php PHP programming language SQL SQL injection text reading Wordpress

You must log in to post a comment

16 Comments

Menu

Password Reset

An email has been set with password reset instructions. If you do not see this email within a few minutes, check your spam folder.

Not Allowed

Your current user level does not allow voting. Please contact the site administrator to upgrade.

Login/Signup

Submit a New Post!

Please login first