Title: Changed index.php file in uploads folder
Last modified: December 9, 2016

---

# Changed index.php file in uploads folder

 *  Resolved [digbymaass](https://wordpress.org/support/users/digbymaass/)
 * (@digbymaass)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/changed-index-php-file-in-uploads-folder/)
 * The previous index.php in wp-content/uploads
 *     ```
       <?php
       // GNU General Public License
       ```
   
 * has become this (maybe from the upgrade to 4.7):
 *     ```
       <?php
       /**
        * Front to the WordPress application. This file doesn't do anything, but loads
        * wp-blog-header.php which does and tells WordPress to load the theme.
        *
        * @package WordPress
        */
   
       /**
        * Tells WordPress to load the WordPress theme and output it.
        *
        * @var bool
        */
       define('WP_USE_THEMES', true);
   
       /** Loads the WordPress Environment and Template */
       require( dirname( __FILE__ ) . '/wp-blog-header.php' );
       ```
   
 * Wordfence has flagged it as malicious. It doesn’t _look_ threatening but should
   I worry? I think I’ll change it back anyway.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Thread Starter [digbymaass](https://wordpress.org/support/users/digbymaass/)
 * (@digbymaass)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/changed-index-php-file-in-uploads-folder/#post-8533591)
 * Ah I should have looked at the wordfence scan first. It flagged up a hacking 
   attack in the file (not immediately visible). I’ve deleted it by reflex and now
   I can’t quote from the scan warning.
 *  Thread Starter [digbymaass](https://wordpress.org/support/users/digbymaass/)
 * (@digbymaass)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/changed-index-php-file-in-uploads-folder/#post-8533700)
 * It’s back…
 * > File appears to be malicious: wp-content/uploads/index.php
   >  Filename: wp-content/
   > uploads/index.php File type: Not a core, theme or plugin file. Issue first 
   > detected: 1 min ago. Severity: Critical Status New This file appears to be 
   > installed by a hacker to perform malicious activity. If you know about this
   > file you can choose to ignore it to exclude it from future scans. The text 
   > we found in this file that matches a known malicious file is: “$y1=”\x65\x78\
   > x74r\x61\x63\x74″;$y1($bfl);if($eg4(@$sw[$c0])==$at)”. The infection type is:
   > Backdoor/PHP:CookieBo.
 * How can I stop it?!
 *  Thread Starter [digbymaass](https://wordpress.org/support/users/digbymaass/)
 * (@digbymaass)
 * [9 years, 5 months ago](https://wordpress.org/support/topic/changed-index-php-file-in-uploads-folder/#post-8533707)
 * Ah… looks like my backup that I uploaded was infected. Stupid.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Changed index.php file in uploads folder’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

## Tags

 * [index.php](https://wordpress.org/support/topic-tag/index-php/)
 * [malicious](https://wordpress.org/support/topic-tag/malicious/)

 * 3 replies
 * 1 participant
 * Last reply from: [digbymaass](https://wordpress.org/support/users/digbymaass/)
 * Last activity: [9 years, 5 months ago](https://wordpress.org/support/topic/changed-index-php-file-in-uploads-folder/#post-8533707)
 * Status: resolved