Ever received such an error whilst performing a upgrade (from within Wordpress)? It may not be as uncommon as you think.

Wordpress is a brilliant piece of software, and where it comes to light is from all the plugins it uses. Downside? Well, it does consume system resources on your server and an upgrade does require a bit for it to occur.

Fix to get through the upgrade without any issues? There are two:

1) – Change the memory limit in the wp-settings.php file from 32M to 64M. Use any old text editor to change the value (it’s located on line #13). This didn’t work for me as I think I needed to alaso adjust the php.ini file which I don’t have access to on my server where this site is hosted.

2) – Disable ALL your plugins before attempting the upgrade. I current use 11 (and have another 8 which aren’t being used so I took not which ones were currently active before performing a mass disable). This worked for me without a hitch.

Disclaimer: As always, take a backup of any files you are going to change before any editing is done just in case ……
I take no responsibilitly for any ill effects or problems which may occur using the instructions provided above.

What’s going on? Short answer – your Wordpress account has been hacked.

More than likely you have been running an old version (ie not the current one) and you have succumbed to an exploit.

The two telling signs is that you have two administrator users (one that ou cannot see), and that your permalink structure has changed. There are other things as well but they are the two main ones.

More detailed discussion can be read about it here.

First and foremost, you should be making sure you have a backup of all your files and SQL database (it should be a regular thing anyway!) before making any changes.

Note: All care but no responsibility is taken with the accuracy of this post.

To find the hidden user, go to the /wp-admin/users.php page and click the link near the top of the page to view only Administrators. The page will not show the hidden administrator, but you can “view source” of this page, and you’ll find the additional username somewhere in the HTML. The key thing to find is the user id, which then can be used with the following URL (substituting the hacker’s user id for xx):

http:///wp-admin/user-edit.php?user_id=xx

Once you’re in the page to edit the user, you can change its role back to ‘Subscriber’ and delete the bogus ‘first name’ field. (Also you’ll have to insert an email address so that you can save your changes – just enter any old email address) After saving the changes, return to the normal user list, and select this user and delete it.

Upgrade your Wordpress to the latest version, and don’t forget to change your permalink structure. I would also suggest changing your admin password, and having a read of this page to consider other actions to secure your wordpress install.

Finally, thanks to the guys at NachoTech. The post there helped me sort out and fix my WP issues without any loss of data.