pearible

@otto42:

In other words, if you ever got hacked before, and did not completely wipe your site clean and sanitize everything, then that’s probably how they got back in.

I keep seeing this, but considering that my site was a brand-new, fresh install of 2.5.1 in every way (new host, new server, etc.) and received the *exact same* hack – I don’t think it’s the issue you’re describing.

BUT, if somebody can create a user on your blog through some other method, then they can use the xmlrpc to make a post.

There were no new users added to my site – the first post was just hacked with:

<span style="overflow: hidden; position: absolute; height: 0pt; width: 0pt;"><a href="https://kvantservice.com/">компютри втора употреба</a></span>

And everything after the “more” tag was gone.

Just to be clear – I didn’t need to update, mine was a recent fresh install of 2.5.1 – and I was still hacked.

I’ve just deleted the xmlrpc.php file, and am hoping for the best.

I just installed my WP (2.5.1) a few days ago – brand new fresh install, not an upgrade, and I got this same hack sometime this afternoon.

Can we just delete the xmlrpc.php file completely?