Question about code injections

  • dfranck90

    (@dfranck90)


    11 years, 3 months ago

    Every now and then I notice code injections in some of the wordpress sites we host. Sometimes its just a line or two of gibberish at the top of existing files and sometimes its brand new files with names intended to make it look like something thats supposed to be there.

    Sometimes I’ll see it in a plugin or a theme file. Yesterday I found one site that had new files full of hacked code all over the uploads folder. Occasionally I’ll even see files in the root directory that have been hacked, like config.php.

    My question is how do hackers get access to these files? Did they just gain access to the WP-admin through guessing passwords or have they gained access to the FTP Username and Password for the site? I know you can access plugin and theme files from the editor in the dashboard, but I didn’t think you could edit things like wp-config.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    11 years, 3 months ago

    You might never know the answer to how the hacker got access, but how are you removing the hack?

    Rastislav Lamos

    (@lamosty)

    11 years, 3 months ago

    [link moderated; see http://codex.wordpress.org/Forum_Welcome#Signatures ] some of my bookmarked resources for these kind of situations. It’s better for you to read as much as possible about this matter because the answer to your question is not simple.

    Thread Starter dfranck90

    (@dfranck90)

    11 years, 3 months ago

    Gennerally,

    Change passwords (FTP, WP, DB)
    Change the secret keys
    Find the code in question and delete it
    If I’m noticing multiple files that are messed up, I replace the core files from a fresh download of wordpress
    Update everything

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Question about code injections’ is closed to new replies.