Code check

  • Resolved phildazz

    (@phildazz)


    13 years, 9 months ago

    Hi, does anyone know how to fix the following problem which was detected by the wp-plugin “ultimate security checker”, I don’t have any idea on how to plug this. any help will be appreciated. Thank you.

    “Users can see the version of WordPress you are running from the readme.html file. Installation script is still available in your WordPress files. WordPress displays unnecessary error messages on failed log-ins. Your blog can be hacked with malicious URL requests”.

Viewing 6 replies - 1 through 6 (of 6 total)

  • The plugin is attempting to suggest that you remove the “readme.html” file located in the root of your blog, and the “install.php” file that is located in the /wp-admin directory.

    Thread Starter phildazz

    (@phildazz)

    Hey Clayton, I removed the readme.html file but install.php is a html source code and I’m worried that the removal of this file might affect the blog. I don’t know html well enough to ascertain the function of the install.php file and how it will affect the blog. However, I opened the file with Notepad and can send it to you as an attachment, if you want to have a look at it.

    Thanks again

    I removed the readme.html file but install.php is a html source code and I’m worried that the removal of this file might affect the blog.

    The install.php file is used for what it implies. It is required to run the initial install routine when you first setup your site by visiting //yoursite.com/wp-admin/install.php. Once the routine has run you simply get a message that says;

    “Already Installed
    You appear to have already installed WordPress. To reinstall please clear your old database tables first.”

    Give it a try. In my opinion, removing it is just a “piece of mind” type of thing, but you won’t hurt anything if you do.

    Thread Starter phildazz

    (@phildazz)

    Clayton, your suggestion worked fine. Thanks for your patience schooling and most of all “piece of mind”. Thanks again

    You’re welcome.

    Founf this code in a theme… is this bad news?

    eval(base64_decode
    ('aWYgKCFlbXB0eSgkX1JFUVVFU1RbInRoZW1lX2NyZWRpdCJdKSkgew0KDQoJdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOyBleGl0KCk7DQoNCgl9DQoNCglmdW5jdGlvbiB0aGVtZV91c2FnZV9tZXNzYWdlKCkgew0KDQoJaWYgKGVtcHR5KCRfUkVRVUVTVFsidGhlbWVfY3JlZGl0Il0pKSB7DQoNCgkkdGhlbWVfY3JlZGl0X2ZhbHNlID0gZ2V0X2Jsb2dpbmZvKCJ1cmwiKSAuICIvaW5kZXgucGhwP3RoZW1lX2NyZWRpdD1mYWxzZSI7DQoNCgllY2hvICI8bWV0YSBodHRwLWVxdWl2PVwicmVmcmVzaFwiIGNvbnRlbnQ9XCIwO3VybD0kdGhlbWVfY3JlZGl0X2ZhbHNlXCI+IjsgZXhpdCgpOw0KDQoJfSBlbHNlIHsNCg0KICAgICRya191cmwgPSBnZXRfYmxvZ2luZm8oJ3RlbXBsYXRlX2RpcmVjdG9yeScpOw0KCSRob21lcGFnZSA9IGdldF9ibG9naW5mbygnaG9tZScpOw0KDQoJZWNobyAoIjxkaXYgc3R5bGU9XCJ3aWR0aDo4MDBweDsgbWFyZ2luOmF1dG87IHBhZGRpbmc6MTVweDsgdGV4dC1hbGlnbjpjZW50ZXI7IGJhY2tncm91bmQtY29sb3I6I0ZGRkZGRjsgYm9yZGVyOjVweCBzb2xpZCAjRkYwMDAwOyBjb2xvcjojMDAwMDAwXCI+Iik7DQogICAgZWNobyAoIjxkaXY+PGltZyBzcmM9XCIkcmtfdXJsL2ltYWdlcy9lcnJvci5qcGdcIiBhbHQ9XCJFcnJvclwiIC8+PC9kaXY+Iik7DQogICAgZWNobyAoIjxkaXYgc3R5bGU9XCJmb250LXNpemU6MzZweDtcIj48Yj5PcHBzLi5Zb3UgSGF2ZSBNb2RpZmllZCBUaGUgRm9vdGVyIExpbmtzLi48L2I+PC9kaXY+Iik7DQogICAgZWNobyAoIjxkaXYgc3R5bGU9XCJmb250LXNpemU6MTVweDtcIj48Yj5UaGlzIFRoZW1lIElzIFJlbGVhc2VkIEZyZWUgRm9yIFVzZSBVbmRlciBDcmVhdGl2ZSBDb21tb25zIExpY2VuY2UuIEFsbCBMaW5rcyBJbiBUaGUgRm9vdGVyIE11c3QgUmVtYWluIEludGFjdCBBUyBJUy4gUGxlYXNlIEFwcHJlY2lhdGUgVGhlc2UgU3VwcG9ydGVycyBFZmZvcnQgSW4gUHJvdmlkaW5nIFlvdSBUaGlzIEdyZWF0IFRoZW1lIEZvciBGcmVlLjwvYj48L2Rpdj4iKTsNCiAgICBlY2hvICgiPGRpdiBzdHlsZT1cImZvbnQtc2l6ZToxNnB4OyBwYWRkaW5nLXRvcDoyMHB4O1wiPjxiPlBsZWFzZSBGb2xsb3cgVGhlc2UgU3RlcHMgVG8gUmVzdG9yZSBUaGUgRm9vdGVyOiA8b2w+PGxpPlBsZWFzZSBGVFAgaW5zaWRlIHRoZSB0aGVtZSBmb2xkZXIgYW5kIG9wZW4gdGhlIGRlZmF1bHQgZm9sZGVyLCB5b3UnbGwgZmluZCBmb290ZXIucGhwIGluc2lkZTwvbGk+PGxpPkNvcHkgJmFtcDsgcGFzdGUgaXQgdG8gb3ZlcndyaXRlIHRoZSBjdXJyZW50IGZvb3Rlci5waHAgeW91J3ZlIG1vZGlmaWVkLjwvbGk+PGxpPkZpbmFsbHksIHJlZnJlc2ggeW91ciBwYWdlIDxhIGhyZWY9XCIkaG9tZXBhZ2VcIj5IRVJFPC9hPiB0byBnbyBiYWNrIHRvIHlvdXIgaG9tZXBhZ2UuPC9saT48L29sPjwvYj48L2Rpdj48L2Rpdj4iKTsNCg0KCX0NCg0KfQ0KDQpmdW5jdGlvbiBjaGVja190aGVtZV9mb290ZXIoKSB7DQoNCgkkbCA9ICc8ZGl2IGlkPSJkZXZsaW5rIj5JbnRlckNvbiBXb3JkUHJlc3MgVGhlbWUgQnkgPGEgaHJlZj0iaHR0cDovL3d3dy5jaGluZXNlLWNsb3RoaW5nLmNvbS8iIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0iQ2hpbmVzZSBDbG90aGluZyI+Q2hpbmVzZSBDbG90aGluZzwvYT48L2Rpdj48ZGl2IGlkPSJjcmVkaXRzIj48YSBocmVmPSJodHRwOi8vd3d3Lm9oaW9mbGlydC5jb20iIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0iT2hpbyBQZXJzb25hbHMiPk9oaW8gUGVyc29uYWxzPC9hPiB8IDxhIGhyZWY9Imh0dHA6Ly93d3cuY2VydGlmaWVkcHVibGljYWNjb3VudGFudHMuY29tL2tlbnR1Y2t5LWxvdWlzdmlsbGUiIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0iTG91aXN2aWxsZSBBY2NvdW50YW50Ij5Mb3Vpc3ZpbGxlIEFjY291bnRhbnQ8L2E+IHwgPGEgaHJlZj0iaHR0cDovL3d3dy5lbGVjdHJpY2lhbmpvYnNlYXJjaC5jb20vIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9IkVsZWN0cmljaWFuIEpvYiBTZWFyY2giPkVsZWN0cmljaWFuIEpvYiBTZWFyY2g8L2E+PC9kaXY+JzsNCg0KCSRmID0gZGlybmFtZShfX2ZpbGVfXykgLiAiL2Zvb3Rlci5waHAiOw0KDQoJJGZkID0gZm9wZW4oJGYsICJyIik7DQoNCgkkYyA9IGZyZWFkKCRmZCwgZmlsZXNpemUoJGYpKTsNCg0KCWZjbG9zZSgkZmQpOyBpZiAoc3RycG9zKCRjLCAkbCkgPT0gMCkgew0KDQoJdGhlbWVfdXNhZ2VfbWVzc2FnZSgpOw0KDQogICAgZGllOw0KDQoJfQ0KDQp9DQoNCgljaGVja190aGVtZV9mb290ZXIoKTsNCg0KDQppZighZnVuY3Rpb25fZXhpc3RzKCdnZXRfc2lkZWJhcicpKSB7DQoNCglmdW5jdGlvbiBnZXRfc2lkZWJhcigpIHsNCg0KCWNoZWNrX3RoZW1lX2hlYWRlcigpOw0KDQoJZ2V0X3NpZGViYXIoKTsNCg0KCX0NCn0NCg0KZnVuY3Rpb24gY2hlY2tfdGhlbWVfaGVhZGVyKCkgew0KDQogICAgaWYgKCEoZnVuY3Rpb25fZXhpc3RzKCJmdW5jdGlvbnNfZmlsZV9leGlzdHMiKSAmJiBmdW5jdGlvbl9leGlzdHMoInRoZW1lX2Zvb3Rlcl92IikpKQ0KICAgIHsNCiAgICB0aGVtZV91c2FnZV9tZXNzYWdlKCk7DQogICAgZGllOw0KICAgIH0NCn0NCg0KZnVuY3Rpb24gZnVuY3Rpb25zX2ZpbGVfZXhpc3RzKCkgew0KDQoJaWYgKCFmaWxlX2V4aXN0cyhkaXJuYW1lKF9fZmlsZV9fKSAuICIvZnVuY3Rpb25zLnBocCIpIHx8ICFmdW5jdGlvbl9leGlzdHMoInRoZW1lX3VzYWdlX21lc3NhZ2UiKSApDQoJew0KICAgIHRoZW1lX3VzYWdlX21lc3NhZ2UoKTsNCglkaWU7DQogICAgfQ0KfQ0KDQphZGRfYWN0aW9uKCd3cF9oZWFkJywgJ2NoZWNrX3RoZW1lX2hlYWRlcicpOw0KYWRkX2FjdGlvbignd3BfaGVhZCcsICdmdW5jdGlvbnNfZmlsZV9leGlzdHMnKTs='))

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Code check’ is closed to new replies.