WP Plugin- WP stats live hacked

A note to anyone using the WP-Stats live plugin-
> See's who's online, what their reading and where they came from in real time. You don't need to refresh a page to see who is reading your blog!

Version 1.1 | By Sam cunningham |
Not sure what's going on with it, but it is adding a bunch of hidden spam to the page head (starts with:)
> The biggest danger to your sex life is boredom and…

I spent a bit of time searching my Wordpress install, thinking it had been compromised, but it was a plugin (a google search for a longer phrase turns up thousands of WP sires using this plugin).

The upside- I was away from home, and learned a bit more on using iSSH and viewing page source with an iPad :).

1 Reply

This forum and this thread was the only one that would come up above the spam listings in the SERPs so it's the one I'll contribute to. Hi.

One of my WP installs got hacked, but it did not have the WP Live Stats plugin installed.

The install is using the "Options Theme", so there may be any number of themes out there that are vulnerable.

In this case the relevant block of code is in header.php

Commenting that out is sufficient to defeat the hack. (Double slash before the if will work…)

Sorry I can't show you a before and after example but it's a site in development for a client.

"The biggest danger to your sex life is boredom"… it hits too close to home. :cry:


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct