Retweet
We had a client with a mysterious plugin related server error when they tried to access thair admin dashboard with output:

/*pushit_user_row_phone_variable_define_start*/ $phone = isset($user_object->phone_number) ? get_user_mobile($user_object) : “not set”; /*pushit_user_row_phone_variable_define_stop*//*pushit_user_row_phone_variable_insert_start*/break; case ‘phone’: $r .= “$phone”;/*pushit_user_row_phone_variable_insert_stop*/

They said that the problem had happened immediately after installing the PushIt plugin. So, we took the usual action and went into the database and ran:

SELECT *
FROM wp_options
WHERE option_name = ‘active_plugins’

and removed the content to disable all plugins.

Still no admin!

So, we removed the wp-content/plugins/pushit/ folder via ftp.

STILL NO ADMIN!!

So we scanned the code for instances of “pushit” and fount three.

  1. In /wp-admin/user-edit.php
  2. In /wp-admin/user-new.php
  3. In /wp-admin/includes/template.php

These files first of all lacked PHP open and close tags hence the server error but all looked rather small.

So we downloaded the latest WordPress version and opened these files. It looks like the idiot (yes I know it’s a strong word but who ever they are they are IDIOTS) had code replacing rather than inserting into these files. We hastilly overwrote these three files and Voila! no problems.

In quick summary: Do not ever install PushIt!! Tell everybody you know not to install PushIt!! If you know the person that wrote PushIt – give them a swift kick in the *^”^%£*^s.