WP Plugin - WP stats live hacked
> See's who's online, what their reading and where they came from in real time. You don't need to refresh a page to see who is reading your blog!
Version 1.1 | By Sam Cunningham
Not sure what's going on with it, but it is adding a bunch of hidden spam to the page head (starts with:)
> The biggest danger to your sex life is boredom and…
I spent a bit of time searching my WordPress install, thinking it had been compromised, but it was a plugin (a Google search for a longer phrase turns up thousands of WP sites using this plugin).
The upside: I was away from home, and learned a bit more about using iSSH and viewing page source with an iPad.
One of my WP installs got hacked, but it did not have the WP Live Stats plugin installed.
The install is using the "Options Theme", so there may be any number of themes out there that are vulnerable.
In this case the relevant block of code is in header.php
Commenting that out is sufficient to defeat the hack. (Double slash before the if will work…)
Sorry I can't show you a before and after example but it's a site in development for a client.
"The biggest danger to your sex life is boredom"… it hits too close to home.
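A check of rendered page source for the symptom described above (markup injected into the page head, whether by a plugin or by a theme's header.php), as an added example that is not from the original post or its comments. The sample pages, the `spam.example` URL and all names in the code are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Elements that may legitimately appear inside <head>.
HEAD_OK = {"head", "title", "meta", "link", "script", "style", "base", "noscript", "template"}
TEXT_OK = {"title", "script", "style", "noscript"}   # text inside these is expected
# Inline styles commonly used to keep injected markup out of the visitor's view.
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)

# Constructed sample pages (not taken from any real site).
CLEAN = ('<html><head>\n<title>My blog</title>\n<meta charset="utf-8">\n'
         '<script>var a = 1;</script>\n<link rel="stylesheet" href="style.css">\n'
         '</head><body><p>Hello</p><a href="/about">About</a></body></html>')
INFECTED = CLEAN.replace(
    '<script>var a = 1;</script>',
    '<div style="position:absolute; left:-9999px">'
    '<a href="http://spam.example/pills">cheap pills here</a></div>')

class HeadAuditor(HTMLParser):
    """Walks raw page source and records body-type markup found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.quiet, self.findings = False, None, []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        if not self.in_head:
            return
        if tag in TEXT_OK:
            self.quiet = tag
        attr = dict(attrs)
        if tag not in HEAD_OK:                      # e.g. <div> or <a> in the head
            self.findings.append(("element", tag))
            if tag == "a" and attr.get("href"):
                self.findings.append(("link", attr["href"]))
        if HIDING.search(attr.get("style") or ""):
            self.findings.append(("hidden-style", tag))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False
        if tag == self.quiet:
            self.quiet = None

    def handle_data(self, data):
        text = data.strip()
        if self.in_head and self.quiet is None and text:   # stray visible text in the head
            self.findings.append(("text", text[:60]))

def audit_head(html):
    """Return a list of (kind, detail) findings for one page's source."""
    parser = HeadAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit_head()` on the saved page source of each site you maintain; any finding means something is writing body markup into the head and the active plugins and the theme's header.php are the places to look.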