

My wordpress header.php got hacked - mexitek
http://www.arlocarreon.com/blog/wordpress/wordpress-header-php-got-hacked-snxstat77-info/

======
mexitek
i still have no idea how they got that code in the header.php. Anyone have any
ideas?

~~~
barik
The usual way that these get in is when people upgrade WordPress by simply
doing a tar -zxvf wordpress.tar.gz. This replaces files, but often there are
many legacy files from older installs that never got deleted.

In my case, the attack was from "/blog/wp-
content/themes/default/functions.php", which isn't even a theme in recent
WordPress builds; it's simply been left over from the many upgrades over the
years.

The other most common route for such injection is not always WordPress itself,
but instead through insecure, third-party themes, since theme designers are
not always programmers.

