StefanMz

I observed the same weird hack. Additionally I found a “wp-template.php” in the root folder.

Inside there is a comment saying something about “Joomla” which is fake.

IIUC: The core is, that the script defines a constant of obfuscated code, which is deobfuscated using a cookie “j_jmenu” from the user. Then this raw code is used with “create_function” to generate a new function which then is called. To me it seems that the cookie is additional part to finalize the obfuscated code. The unchanged cookie is written back to the user.

Only if a user coming with the “j_jmenu” cookie is calling the infected webpage the infection is renewed. This assumes, that the “wp-template.php” survives any cleaning action. Weird.

Maybe the idea is, that the cookie coming from a different website is able to create different malicious functions – together with the existing code part. Each of those singles parts are nonfunctional, only together they are working. This makes it hard to understand the function. – But I am not sure if I understand all that code correctly (I am not a pro).

This I did not dismantled what exactly the created function is doing. And I did not find the way of the initial infection. It could be an infected plugin.

It seemed to be a single effect, I could not reproduce it any more. I tried JPG and PNG, and both are correctly re-registered and the thumbnails are fine, too.

Great, I’ll give it a try ??

What I did was:

• permalink reset
• permalink change, save, change back, save
• disabling plugin by plugin, except wiki plugin itself
• permalink reset and change again

Nothing helped. No further idea.

I found out, that version 1.5 was indicated to be the current version and there is no further update available (in the WP admin plugins page). However, this was not true, version 1.9 is available, which does not show the error reported here (because the bug is fixed).

So, check the version of “Exclude Pages”.

You can completely switch paging off following this idea.

If you don’t need to distinguish categories it is simply that (to be put into functions.php):

add_action( 'parse_request', 'show_all_entries_in_category' );

function show_all_entries_in_category( $args ) {
	if( isset( $args->query_vars['category_name'] )) {
		$args->set_query_var( 'nopaging', true );
        }
}

Renaming the wp-langs-en.js to wp-langs-[YOUR_LOCALE].js as explained by object81 above is only the first step. Then you have to edit the file and replace all occurances of ‘en’ with [YOUR_LOCALE]. You’ll find them at the beginning of each definition, i.e.

tinyMCE.addI18n({en:{…

tinyMCE.addI18n(“en.advanced”,{…

tinyMCE.addI18n(“en.advanced_dlg”,{…

tinyMCE.addI18n(“en.media_dlg”,{…

tinyMCE.addI18n(“en.wordpress”,{…

tinyMCE.addI18n(“en.wpeditimage”,{…

Then you may translate the texts as you wish.

This behavior occurs with WP 2.8. Please use version 2.x of Grouped Links Widget.

Hint: I don’t come along this forum here often. Please post your questions here: https://groupedlinks.wordpress.com/

Simply change the display name in your profile.

The problem was caused by “Simple Tagging” plugin, deactivating solves it.

The weird thing was, that I previously (with WP 2.6.x) used “Simple Tags” plugin, and after upgrading to 2.7, it was recommended by a yellow box appearing in the admin area to switch to “Simple Tagging” plugin. However, this didn’t work.