When I updated this blog to WordPress 2.5.1 five days ago, a problem propped up. That “Please upgrade” strip wouldn’t go away and has become an annoyance. Blogged about it and posted a support question in the WordPress support forums and soon enough possible explanations and solutions to this issue were given by other friendly WP users.

A user who goes by the name Rosie M Banks pointed me to a post by Ultrasonic who had the same problem after upgrading his blog to WP 2.5.1. As it turns out, this is caused by a vulnerability in WordPress 2.5.x where hackers can wreak havoc in a WP blog by inserting PHP scripts or files that could further exploit your WordPress-powered blog.

ia has written a good overview and guide to check whether your blog has been hacked or not over at WordPress Philippines. Gave it a good read and used it like a checklist in my investigation to root out and solve this issue.

Luckily for me, my blog’s internal folders and directories were not littered with new files ending in _new, _old, .pngg, .jpgg, .giff. As ia wrote:

These files will be executables that when called from a browser will display a fake “404 Not Found” error, but if called from a script with the matching hash from one of the hacked PHP scripts, will display system info about the server your site is sitting on.

The solution of course, is to delete these files.

A phantom WP user

But when I checked my blog’s database using phpMyAdmin, I found out that there is a phantom “WordPress” user in my blog. Again ia sheds light on this phantom WordPress user:

One other thing I noticed, and this happened on the new 2.5 installs as well as the older ones that hadn’t been upgraded yet, was the silent addition of the user “WordPress”, with no info save a password, and an add date of all zeroes. There’s also no indication of user level in the database, and the user doesn’t show up in the User menu. However, when I was going through and deleting unnecessary “admin” logins, “WordPress” came up as one of the user options to reassign posts to… otherwise it might have been a while before I’d found that buried in the database.

Again, the solution is to delete this user using phpMyAdmin which can be accessed from your site’s CPanel.

A plugin that’s not supposed to be there

Continuing with my investigation, I followed Ultrasonic’s advice and checked out my ‘wp_options’ table and looked at these VALUES ‘active_plugins’ and ‘deactivated_plugins’. In it I also found a plugin entry about a plugin that is not supposed to be there. The suspicious entry looked like this:

i:0;s:117:”../../../../../../../../../../../../../../../../../../../../../../tmp/tmpon81ev/
sess_197dd29a88afb90e3a9d82b3227c3369″;

I simply deleted that section of line entry. Of course you must BACKUP your database before fiddling with it using phpMyAdmin as Ultrasonic warns that this solution has not been verified to work for everyone.

It worked on my blog and I simply had to re-activate all of the plugins I regularly use once back inside the dashboard. Since applying this fix, my blog has returned to normal and that annoying update reminder strip has gone away my dashboard tells me that I am indeed running WP 2.5.1

Right now, I’m still in the process of checking my blog for other vulnerabilities. I hope the solutions I shared here would be useful to others who are experiencing the same problems. If not, I strongly recommend posting a support question in the WordPress forums, the wonderful folks from the WP community will always lend a helping hand.

• “Please update now” strip still shows up after WP 2.5.1 upgrade (5)
• Blog updates 2.08: WordPress security upgrade and Openads (0)
• Automatically backup your blog DB using WordPress Database Backup Plugin (5)
• Thesis 1.8.2, Jetpack and few other updates (2)
• Finally, integrated Facebook & Twitter Login to WordPress comments (0)

Since I didn’t made it to the iBlog 4 today, I went ahead and downloaded WordPress 2.5.1 to update this blog and my other blogs as well.

According to the WP Development blog:

It [WP 2.5.1] includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

This release has over 70 fixes that deals with the most annoying bugs and is said to improve performance of our favorite blogging software.

An annoying WP 2.5.1 bug already?!

Unfortunately, I may have stumbled upon a new bug, a very annoying bug with WP 2.5.1, already!

After updating to WP 2.5.1 “Please update now!” strip is still showing up in the dashboard.

I thought the current theme I’m using, Structure theme by Justin Tadlock, had something to do with it but the same annoyance appeared in my other WP blogs after updating to WP 2.5.1. Thinking I made some mistakes in uploading the new WP files via FTP, I repeated the entire update process three times (3x) but still, that annoying strip is still showing up.

Anyone else experiencing the same problem? Please leave a comment behind or add your experience to the support thread I opened in the WP support forums. If you have a fix for this, by all means share it with the rest of us. It would be greatly appreciated.

If you want to go ahead and update to WP 2.5.1 you could do so by downloading the latest version here.

• How I fixed the WP 2.5.1 upgrade issue (4)