Support » Plugin: WebsiteDefender WordPress Security » Backdoor script detected in WD root file

  • Resolved Treebeard


    I scanned using the Anti-Malware plugin, and it detected the WD file that’s in the website’s root directory (php file) as being a Backdoor script? I checked the file on the server and compared it to the original one I downloaded from WD, and nothing’s changed. So is that file actually a backdoor then? The entire file shows as a backdoor, not just a specific line or anything.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author WebsiteDefender


    Hello, malawimama

    thank you for showing interest in our plugin.
    However, the results you have got using that plugin are not correct, our plugins are secure and there is just no way any of them can be marked as backdoors.

    My suggestion is to find another (and better) malware scanner than just a plugin…


    Thanks WSD. I wouldn’t have posted a message here if I wasn’t worried. I never trust only 1 source, the original detection came from a website called Sucuri, that’s when I checked using a plugin and that’s where it was more specific in listing it as a backdoor script, so I’m not saying your script is actually a problem, for all I know, the files could have been corrupted somehow, I wouldn’t know since I’m not a hacker, but maybe it’s possible the files were hacked. Who knows. I just wanted to bring it to your attention.

    Plugin Author WebsiteDefender


    Hello, Treebeard

    Thank you for your feedback, but the original file cannot be marked as a backdoor because it isn’t one, and if files got somehow modified then that’s very unfortunate because it means the website got somehow hacked, so I suggest you change your passwords and reinstall wordpress from scratch (and you should check the database also).


    Strangely, following a hack of the servers hosting my website it seems most of the sites on there were then compromised including mine.

    Access to my site appears to be via a vulnerability in (crazily) a security plugin!

    I am now totally unable to access my own wordpress install and the error given when I try is

    Fatal error: Cannot redeclare __hideFooterVersion() (previously declared in /home/colincoo/public_html/wp-content/plugins/secure-wordpress/res/inc/SwpaSecurity.php:41) in /home/colincoo/public_html/wp-content/plugins/wp-security-scan/res/inc/WsdSecurity.php on line 41

    I am currently changing hosting company and then can re-upload a hopefully clean site.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Backdoor script detected in WD root file’ is closed to new replies.