Per Chris, the exploit was in the DB, so just finding and replacing the file in the WP folder was not good enough, the DB needed to be cleaned as well. So here’s a how to:

For folks who regularly back up their sites, it would be much easier to do the fix as opposed to those who do no back up their site (another reason to use wp-db-backup plugin). Nevertheless there are ways to get the DB cleaned out. We will discuss both, but before we do that, here’s a step-by-step to find and remove the PHP file that is causing the havoc.

I have been up to speed on all upgrades, all within 24 hours of release and never over 48 hours. So I am not suggesting the issue is/was related to WordPress, but the only common component of all the sites that were hacked was WP. The way to identify if your site is hacked is to Google the name or a keyword that will pull your site in the SERP, if in the list of names your site appears with a name other than what you have set it to be (in my case it turned out to be Cheap viagra) then you know you are in trouble. One other thing I noticed is that it prevents one from uploading images or media via the built in WordPress Upload/Insert feature while writing or editing a post/page.

The only thing I found that I do not recall adding is an “addhandler php4-script .php” tag in my .htaccess file. Not sure if that was the source of the exploit but I did restore the htaccess files to the original (pre-hack) state and hope for the problem to go away.

If you find you site has similar issues then look in the htaccess file (if you have one) for something like “addhandler php4-script .php”, there is no way for me to tell that is the problem but there seem to be no issue with deleting that line from the file. Hope it helps, leave a comment if you know more on this topic or have had similar experience.

I try not to write such posts, but the frustrations expressed by my clients who hosts on Yahoo! Small Business compels me to point out the obvious shortcomings of a popular host. This non-exhaustive list is in no particular order, it’s just the top 4 reasons why I would not recommend or host any on my sites on Yahoo!

One-Click-Install of Outdated Software

A client recently used the one click install feature to add WordPress to her site, within days it was hacked and she lost everything she had moved from another CMS (luckily she still had her backups). The problem was the defunct version of WordPress that Yahoo! installed; WP version 2.0.2, which beats Al Gore’s hacked sites WordPress version. Yahoo! claims to be partners with WordPress.org and provide search capabilities for the official WordPress sites, yet the version they install on thousands of user sites is full of holes prone to malicious attacks and hijacks.

Forces to use Yahoo! Mail, no PHPMail

This is somewhat funny and restrictive setup that Yahoo! Hosting has in place to screw users from using phpMail functions. The most common addon on any new WordPress site is the contact form, yet Yahoo! wont allow you to use one. The only situation when it would work is if the from email ID entered in the Contact Form is from the same domain as the site you are on. For example, if you are hosting the domain example.com on Yahoo! Hosting, the only people who can use the contact form are those with emails like someone@example.com, essentially email ID’s set with the same domain! Does that even make sense? Their reason is, if you had access to send emails to and from your site, you might use the privilege to spam someone else. Privilege to Spam? Yahoo! assume that its subscribers are spammers and treat them like one irrespective of if you really are one or not. While there are ways around this issue, it is not worth the time and effort.

Restrictive Controls and no .htaccess Access

Although this feature is mostly used by advanced users, they don’t let users have access to their own .htaccess files. What this could mean is, you are not allowed to set up redirects, and if you do manage to set one up from within the WP install, Yahoo! will delete the file and if you are the ‘unlucky types’, it might even kick you out of the system completely without the opportunity to restore or reverse the .htaccess edits. Lame.

Customer Support

I ended up calling Yahoo! on behalf of my client and was on hold for a good 50+ minutes just to hear the guy on the other end tell me he will “get the engineers to look at the issue the next morning” and that “the issue will be resolved in 3 to 5 days“. I replied (in astonishment) “3 to 5 days?” and he replied very calmly, “that’s less than a week” (almost as if service in “less than a week” should make me feel special!). Obviously Yahoo! Hosting thinks your site is not important and can be down 5 days, after all, why bother rushing their engineer to look into petty matters when they could be spending it on keeping up the number 1 site in the world.

Need more?

I’ll let the readers add the rest using the comment form below.