Hi docdaddy,
I would worry about the “/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php” as this is a know exploit vector. See this link for more information http://www.slemanroot.net/2015/02/wp-exploit-plugin-reflex-gallery.html
The best thing to do security wise is ensure all your plugins are up to date and have a read of this http://codex.wordpress.org/Hardening_WordPress
Kind regards
Jamie
I see once in a while someone showing the last URL they visited was /browsercomfig.xml
browserconfig.xml appears to be related to 404 errors and the Internet Explorer browser. It doesn’t seem to be anything to worry about.
I also see one that is /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
This is a legitimate file in the plugin. Again no reason to worry providing that the plugin is up to date.
Regarding security, I recommend installing the Wordfence plugin, and working through the Hardening WordPress codex which has excellent advice.
Thanks- but I don’t have the reflex gallery plugin installed! I looked it up via Google, and there is an exploit with that plugin so I assume it is people trying it on my site.
I installed WP All in One Security and was setting things up in it, looked great, but now I can’t get into my dashboard. Arghhh! And I am enough a dummy I have no idea what I’m doing with trying to go into FTP and deleting things. We are in a PR campaign ramp up, starting to build hits, I hate the thought of downtime, even worse having to rebuild the site while our itunes and other hits are climbing. /panic-mode on
Hits for vulnerable plugins are quite common. Providing you don’t have the plugin installed, or if you do that it has been updated, then there is nothing to worry about.
Regarding access to your dashboard, it sounds like you may need to disable the All in One Security plugin via FTP:
Navigate to the plugin folder, which will be here:
wp-content
plugins
all-in-one-security
and rename it to:
wp-content
plugins
all-in-one-security.hold
This will deactivate the plugin.
If you check and can now login through http://www.yoursite.com/wp-admin then you can rename the plugin:
wp-content
plugins
all-in-one-security
This will allow you see the deactivated plugin inside your WordPress Dashboard, and either try re-activating it again, or delete it.
THANK YOU!!!! That worked. Again – Thank you!
Happy to hear you are back up and running again 🙂