wp-conf.php need help with this file | WordPress.org

TLCJohn
(@tlcjohn)

10 years, 6 months ago

Hi there everybody.

I am looking for some advice and I am hoping that the community here may be able to guide me in the right direction.

I have found on three site that I run the following file wp-conf.php. This file I have found out reading Google is a malicious file which can harm the site and put code on to people computers.

Talking to our ISP, they tell me that the file was uploaded to the sites via FTP. I can’t see how this could have been done. I keep the user names and password up to date, long and changed on a regular bases.

So how did they do it?

All the plugins are kept up to date.
We run Better WP Security and WordFence
I keep everything to a minimum on the server and clean.
So how???

If anyone has any thoughts please help with your advice.

Thank you.

John

Viewing 1 replies (of 1 total)

leejosepho
(@leejosepho)

10 years, 6 months ago
I do not know how that happens, but I have this code at the top of htaccess and I keep that file’s permissions set at 0400:
```
# deny wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>
```

Viewing 1 replies (of 1 total)

The topic ‘wp-conf.php need help with this file’ is closed to new replies.

Tags

malicious software

In: Fixing WordPress
1 reply
2 participants
Last reply from: leejosepho
Last activity: 10 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics