When you use something as.

 
Funches: Carney: meaning if you have an archive-podcasts.php file you can just hardcode the title you want to show for that particular archive page right in there

Gilfillan: Carney: “page” is a cpt of it’s own technically. so a “page title” would be the title of a page specifically, not posts or cpt’s.

Gilfillan: Just remember when saying “page” most of us will ***ume you literally mean “page”

Amphy: Opsec: i tried to make a standardized syntax for pages but it was shot down

Gilfillan: Well we can’t have things being clear.

Gilfillan: Takes all the fun out of the easter egg hunt

Wohld: To be fair, pages are really a hierarchal post type

Gutter: But they are a littl deceptive

Amith: Haaga: thats almost exactly what opsec said. they are a CPT but they are unto themselves because they already exist when you install WP

Swierk: All these hacks going on atm – PHP code being injected in all the PHP files if!isset$GLOBALS”x61156x75156x61″ etc, any idea of how stuff is infected?

Gilfillan: I’m so much clearer on the subject now.

Bribiesca: Renter: http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/FAQ_My_site_was_hacked , and stop trying to patch up your hacked site. Reinstall or restore your backups. And read http://codex.----escape_autolink_uri:a03ded6cd97ffffa8f7b4e1454f3eecc----.org/Hardening_WordPress

Mcnany: Posts are just default cpt’s

Sexauer: Renter: there’s a million ways for you to have gotten hacked

Tschoepe: I like how “and stop trying to patch up” is in the premade answer

Jankowiak: Guimares, it seems to happen on updated WPs, all kinds of different installations, so I would not suspect one particular plugin. But all the hacks seems to be the same

Bussen: So, if it happens on a completely up2date WP, reinstalling doesn’t do a thing

Beckstrand: I’m having trouble doing Plugin updates I get error : Download failed. Problem with the SSL CA cert path? access rights?

Lutrick: Renter: theres a lot of variables that could result in a hacked site. not up to date installs of both WP or plugins is one. the plugins as a whole could be bad. themes could be not updated or never issues an update, etc etc

Arvay: Renter: when a security hole is found thatr is part of a WP core function they usually announce it just to plugin devs, let them patch it, then announce it publicly so general users know about it. etc.

Hogen: Renter: that said WP plugins and themes contain WP functions/ core code AND general PHP / javascript code. so you have to be aware of all types of exploits and simply make sure you write quality code

Tschoepe: There was talk of some big-ish hack a couple days ago with a popular plugin probably dunno if its the same

Janusz: I just wonder what the thing in common is, since all the hacks are identical ~13000 bytes prepended all PHP files. And since it is so many different installations on different servers, it just sounds odd

Busser: That’s why I suspect something more general, than a plugin

Shaheed: Renter: it could be a chunk of code that a bunch of different plugins use. some commonly used code or script

Gilfillan: If a plugin is shared across sites, it’s not general.

Toriello: Renter: you’re really over simplifying things with your weak logic

Tschoepe: wordpress-malware-active-visitortracker-campaign.html">Https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html

Siddell: Renter: if the sites are on the same server, the plugin exploited could have spread across the system

Tschoepe: I dunno if thats a marketing campaign type of post or actually big

Tschoepe: Ya they can use it for that also

Carty: Haaga, it is multiple servers

Forte: Guimares, I’m just asking if there’s something known going around, since it spreads like the plague, and I can’t seem to see the attack vector

Gilner: So reinstalling is really not a solution – that is just pure stupidity and waste of time

Gilfillan: When you use something as big as wordpress and that involves so many areas of expertise, database, webserver, filesystem security, iptables/fiorewalls, selinux/apparmor, etc. *and* you try to do all these things yourself without knowing them inside and out. you’re doomed to be exploited at some point.