http://banane.disqus.com/I write about SF, writing, and technology.enSun, 16 Dec 2007 00:04:25 -0000http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/#comment-4733534Oh- thanks Matt! It's not in the footer, but at the end of a post, the individual post content, which users can't see, you can only see if you "view code" in the interface. I will change the db password, seems like the best idea.bananeSun, 16 Dec 2007 00:04:25 -0000http://www.banane.com/2007/12/14/wordpress-exploits-and-patches/#comment-4733535If there is spammy HTML in the footer.php of a theme, it's unlikely that it has anything to do with the cookie thing, it's more likely file permissions and/or an old XML-RPC problem. The cookie thing only applies to you if they've already read your database directly, which is not possible if you're on a secure version, and changing your password protects you if they have. I wouldn't attempt to apply the phpass patch by hand.MattSat, 15 Dec 2007 21:28:52 -0000