Assalaamu'alaikum, good afternoon everyone. I got an email from WordPress Firewall (I have the wp-firewall plugin installed), and this is what it says:

WordPress Firewall has detected and blocked a potential attack!
Web Page: xxxxxxxx.xxx/wp-admin/theme-editor.php
Warning: URL may contain dangerous content!
Offending IP: 114.79.3.32 [ Get IP location ]
Offending Parameter: newcontent = <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"> <html xmlns=\"http://www.w3.org/1999/xhtml\" <?php language_attributes(); ?>> <head profile=\"http://gmpg.org/xfn/11\"> <meta http-equiv=\"Content-Type\" content=\"<?php bloginfo(\'html_type\'); ?>; charset=<?php bloginfo(\'charset\'); ?>\" /> <title><?php bloginfo(\'name\'); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title> <meta name=\"generator\" content=\"WordPress <?php bloginfo(\'version\'); ?>\" /> <!-- leave this for stats --> <meta name=\"description\" content=\"<?php bloginfo(\'description\') ?>\" /> <meta name=\"keywords\" content=\"\" /> (https://www.google.com/webmasters/verification/verification?siteUrl=http://xxxxxxxx.xxx/&continue=https://www.google.com/webmasters/tools/dashboard?hl%3Den%26siteUrl%3Dhttp://xxxxxxxx.xxx/%26sig%3DALjLGbO-ihkDyyOoX-2N3WRVNWerLEAjog&hl=en&priorities=vfile,vmeta,vanalytics,vdns&tid=alternate) <meta name=\"google-site-verification\" content=\"t4qvvC8VV2-ucj518TjuwJMYZM7leYTlxtxlH4Ifsro\" /> (https://siteexplorer.search.yahoo.com/verification?site_id=7827779) <META name=\"y_key\" content=\"b8ed4927590f9685\" /> (http://www.bing.com/webmaster?rfp=6) <meta name=\"msvalidate.01\" content=\"00121C1EF099C91B923621812ED581E6\" /> (http://www.alexa.com/edit/claim/xxxxxxxx.xxx) <meta name=\"alexaVerifyID\" content=\"DeuAoao4BqNXa8aK1LMxZBfjILI\" /> <link rel=\"stylesheet\" href=\"<?php bloginfo(\'stylesheet_url\'); ?>\" type=\"text/css\" media=\"all\" /> <link rel=\"alternate\" type=\"application/rss+xml\" 
title=\"<?php bloginfo(\'name\'); ?> RSS Feed\" href=\"<?php bloginfo(\'rss2_url\'); ?>\" /> <link rel=\"pingback\" href=\"<?php bloginfo(\'pingback_url\'); ?>\" /> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/jquery-1.2.6.js\"></script> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/spy.js\"></script> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/tabber.js\"></script> <script type=\"text/javascript\" src=\"<?php bloginfo(\'template_directory\'); ?>/js/scroll.js\"></script> <script type=\"text/javascript\" > jQuery.noConflict();</script> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/banner.css\" media=\"screen\" /> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/tabs.css\" media=\"screen\" /> <link rel=\"stylesheet\" type=\"text/css\" href=\"<?php bloginfo(\'template_directory\'); ?>/featlist.css\" media=\"screen\" /> <script type=\"text/javascript\"><!--//--><![CDATA[//><!-- sfHover = function() { if (!document.getElementsByTagName) return false; var sfEls = document.getElementById(\"catmenu\").getElementsByTagName(\"li\"); for (var i=0; i<sfEls.length; i++) { sfEls.onmouseover=function() { this.className+=\" sfhover\"; } sfEls.onmouseout=function() { this.className=this.className.replace(new RegExp(\" sfhover\\\\b\"), \"\"); } } } if (window.attachEvent) window.attachEvent(\"onload\", sfHover); //--><!]]></script> <?php wp_get_archives(\'type=monthly&format=link\'); ?> <?php //comments_popup_script(); // off by default ?> <?php if ( is_singular() ) wp_enqueue_script( \'comment-reply\' ); wp_head(); ?> </head> <body> <script type=\"text/javascript\"> var _gaq = _gaq || []; _gaq.push([\'_setAccount\', \'UA-23348608-1\']); _gaq.push([\'_trackPageview\']); (function() { var ga = document.createElement(\'script\'); ga.type = \'text/javascript\'; ga.async = true; 
ga.src = (\'https:\' == document.location.protocol ? \'https://ssl\' : \'http://www\') + \'.google-analytics.com/ga.js\'; var s = document.getElementsByTagName(\'script\')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <div id=\"wrapper\"> <div id=\"menu\"> <ul> <li class=\"page_item <?php if ( is_home() ) { ?>current_page_item<?php } ?>\"><a href=\"<?php echo get_settings(\'home\'); ?>/\" title=\"Home\">Home</a></li> <?php wp_list_pages(\'sort_column=menu_order&depth=1&title_li=\');?> </ul> </div> <div class=\"clear\"></div> <div id=\"top\"> <?php include (TEMPLATEPATH . \'/searchform.php\'); ?> <div class=\"blogname\"> <h1><a href=\"<?php bloginfo(\'siteurl\');?>/\" title=\"<?php bloginfo(\'name\');?>\"><?php bloginfo(\'name\');?></a></h1> <h2><?php bloginfo(\'description\'); ?></h2> </div> <?php include (TEMPLATEPATH . \'/headbanner.php\'); ?> </div> <div id=\"catmenucontainer\"> <div id=\"catmenu\"> <ul> <?php wp_list_categories(\'sort_column=name&title_li=&depth=4\'); ?> </ul> </div> </div> <div class=\"clear\"></div> <div id=\"casing\">

This may be a "WordPress-Specific SQL Injection Attack." Click here for more information on this type of attack.
If you suspect this may be a false alarm because of something you recently did, try to confirm by repeating those actions. If so, whitelist it via the "whitelist this variable" link below. This will prevent future false alarms.
Click here to whitelist this variable.
Click here to turn off these emails.
Repeated warnings for similar attacks are currently sent via email, click here to suppress them.

So what should I do about this? I don't understand this kind of thing yet.
Waalaikumsalam, let me try to help a little. Did you just try editing the theme? That's the drawback of WP Firewall: when you edit WordPress internals, it thinks it's an injection. So far it's not a problem.
Yes, I just edited the theme a little; earlier I put AdSense code into one of the PHP files. Oh, so that's how it works. In that case I should just whitelist it, right? Thank you very much, alfi212.
As far as I know, WordPress very rarely gets hit by SQL injection unless it has been heavily reworked into a forum or an e-commerce site.
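
Added example (not part of the original thread and not WP Firewall's own code): a Python sketch that parses an alert in the layout quoted in the first post and checks the two things worth confirming before using the whitelist link, namely that the blocked request was a theme-editor save and that it came from your own IP. The sample alert, the admin IP set and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the alert e-mail quoted in the first
# post (payload shortened; domain and IP addresses are placeholders).
SAMPLE_ALERT = (
    "WordPress Firewall has detected and blocked a potential attack! "
    "Web Page: example.test/wp-admin/theme-editor.php "
    "Warning: URL may contain dangerous content! "
    "Offending IP: 203.0.113.7 [ Get IP location ] "
    "Offending Parameter: newcontent = <html> <?php wp_head(); ?> </html> "
    'This may be a "WordPress-Specific SQL Injection Attack."'
)

ALERT_RE = re.compile(
    r"Web Page:\s*(?P<page>\S+).*?"
    r"Offending IP:\s*(?P<ip>[0-9a-fA-F.:]+).*?"
    r"Offending Parameter:\s*(?P<param>[^\s=]+)\s*=\s*(?P<value>.*?)"
    r"(?=\s*This may be a|\Z)",
    re.S,
)

EDITOR_PATH = "/wp-admin/theme-editor.php"
EDITOR_FIELD = "newcontent"  # parameter named in the quoted alert


def parse_alert(text):
    """Extract page, ip, param and value from an alert body, or None."""
    match = ALERT_RE.search(text)
    return match.groupdict() if match else None


def triage(alert, admin_ips):
    """Return (verdict, reasons); admin_ips is the set of IPs you edit from."""
    page = alert["page"].split("?", 1)[0]
    editor_save = page.endswith(EDITOR_PATH) and alert["param"] == EDITOR_FIELD
    own_ip = alert["ip"] in admin_ips
    reasons = [
        f"theme-editor save: {editor_save}",
        f"source IP is one of yours: {own_ip}",
        f"value contains PHP template tags: {'<?php' in alert['value']}",
    ]
    verdict = "likely-false-positive" if editor_save and own_ip else "investigate"
    return verdict, reasons


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    print(triage(alert, admin_ips={"203.0.113.7"}))
```

Whitelist the variable only on a likely-false-positive verdict; an alert for the same page from an IP you do not recognise deserves a look at the admin accounts and login history first.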