elroyel1327

I’ll be reading up for sure.

Thanks for your help with this whooami and Otto42, it’s very much appreciated.

AH HA! On following up with Otto42’s suggestion I was just running though the files list and comparing it to the default file list from a new install of WP – sure enough there was a wp- prefixed file there that wasn’t suppose to be.

It appears that somehow someone had managed to install a r57shell file on the server (which I’ve now removed).

Being that this sort of thing is completely beyond my understanding, how should I go about preventing this from happening again?

Thanks guys,

whooami, I’m not using any of the plugins that are listed in the linked post – I wasn’t having a go at you about the version number, I was genuinely asking if removing it was an issue.

Otto42, I’ll replace the files as you suggest and see if that prevents it from happening again.

I’m still curious to know if this is has happened to others here. As I said, I found several exploited sites just by doing a quick google search, but it doesn’t seem like there is a known ‘hole’ or even that other people aware that it’s happening.

The files are set to 644.

Yeah, I am running 2.3.2 – as I said in my first post – and yeah, I have removed it from the header, as was suggested on one of the many sites I found while attempting to diagnose the problem I outlined above.

I’m not sure what significance your comment holds. Seriously, is there something wrong with not showing the version number?

I’ve noticed this happen when I’ve been working on my site’s CSS file. Sometimes if I begin an upload to the server and refresh the site before file has finished loading then it reverts to the default theme.

I guess that it’s possible that a file in your theme directory became flawed somehow and WP reverted to the default as a result.

I could be completely off track here though.