HeadsetOptions Web Design, SEO, WordPress, Etcetra

When a client of mine upgraded to WordPress 2.5.1 from WordPress 2.5 she encountered an issue where the database will not upgrading, resulting in the “WordPress 2.5.1 is available! Please update now.” flashing in her dashboard and every other admin pages. On initial search of the WordPress support forum, we found the following strings that pointed us in a certain direction:

• http://wordpress.org/support/topic/172004
• http://wordpress.org/support/topic/168964

Neither strings suggest solutions that are easy or safe, however, I urge you check these posts and then search your install via file manager/FTP/WebFTP to ensure you do not have files with the following extensions anywhere within a writable directory such as uploads: _new.php, _old.php, .php.pngg, .php.jpgg, or .php.giff.

One this was clear from these support forum strings though was that my clients site was hacked from the time she switched to WordPress 2.5 to the time she tried upgrading to WordPress 2.5.1, all within 48 hours.

On further troubleshooting, this time on the backend, we realized the kink was within the “wp_options” table in the database. So we had to identify the kink first, then fix it. The methodology is to seek and destroy the hacker included code and then force a database update.

I must warn you, if you are not comfortable playing with your core WordPress files and your database tables, I suggest you hire a professional or WordPress consultant (shameless plug).

• First off, ensure your WordPress 2.5.1 files have completely replaced your older version.
  One (not so guaranteed) way is to open your /wp-includes/version.php file and check the version number, this can also be accomplished using file manager/FTP/WebFTP
• Make a note of the database number in the /wp-includes/version.php file which will be under $wp_db_version, it should be 7796 in the case of WordPress 2.5.1
• Now, you will need access to your database for the following steps, your host should allow you to view and edit your databases via phpAdmin,
• Log in
• Select the database in question (your WordPress install will have it’s own database in many case)
• Make a copy of your entire database using the export feature and method described here
• Then make a backup of only your wp_options table
• Open the wp_options table sql file in a text editor such as Notepad++
• Use the find/search function (Ctrl+f) and look for /..
• Look for codes that are similar to the one below:

1. i:11;s:117:”../../../../../../../../../../../../../../../../../../../../../../ tmp/tmpbYCT9H/sess_fc9148b41a8cbe4c05b21053bdd8e6c2″;

• Delete the hacker included code
• Use the find/search function again and look for db_version
• Check your database number in the wp_options table against the database number $wp_db_version in /wp-includes/version.php file
• If they are the same, then change the database number in the wp_options SQL file to one number behind the version in your /wp-includes/version.php file, say to 7795
• Save it
• Upload the wp_options SQL back to your MySQL server using the import feature, this should only rewrite that one table
• Now open a new browser and type in http://yoursite.com/wp-admin/upgrade.php
• The browser will then walk you through the database update which should take you about a minute or less
• Then login in to your WordPress admn panel and check, the “WordPress 2.5.1 is available! Please update now.” should no longer be there
• Immideatly change the password, make it as strong as possible
• Go back to your files once again and check the CHMOD of your uploads file
• If it is set to 777 or 775, change to 755 or less

You are done, your WordPress 2.5 will be successful upgrade to WordPress 2.5.1.