Support » Plugin: Wordfence Security - Firewall & Malware Scan » Found malicious files, but scared to do anything

  • Resolved 2make

    (@2make)


    Hello. I did a scan with WordFence plugin and it showed that I have 9 files with CRITICAL status. I have options to repair some of them or delete the others. But I am scared to do anything because it might hurt my website (I don’t know much about WordPress codes).

    Example of the file:

    File appears to be malicious: wp-content/themes/jannah-NULLED/functions.php
    Type: File
    Issue Found 31.01.2019 10:53
    Critical
    IGNORE
    DETAILS
    Filename: wp-content/themes/jannah-NULLED/functions.php
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $div_code_name=”wp_vcd”;

    The issue type is: Backdoor:PHP/wp-vcd
    Description: Backdoor used for backlink injection and other malicious activity.

    What should i do with it? Delete or not?

    Screenshot: https://ibb.co/PMSsQLX

    • This topic was modified 9 months, 1 week ago by  2make.
Viewing 3 replies - 1 through 3 (of 3 total)
  • What theme are you using? Are you using a theme called “Jannah-NULLED”? If so I would not delete this file.

    The functions.php file is a critical WordPress file, but it’s only used in the theme folder of the theme you’re actively using. For example, if you’re using the twenty sixteen theme, the functions.php in the twenty sixteen folder is the active functions.php file you need to worry about.

    If you are not using Jannah-NULLED theme, then yes you can delete that functions.php file within the Jannah-NULLED folder.

    If it is part of the theme you are using, you might want to clone the functions.php file of another theme that is clean (such as twentysixteen) and replace it, but if you don’t know what you’re doing you would want to consult a friend or web developer for further assistance.

    Plugin Author WFSupport

    (@wfsupport)

    If you are using a nulled theme (or a stolen theme if you really want to be honest about it) then you do so at your own risk. Most every nulled theme or plugin out there has some sort of backdoor in it and people that use them may sit there all smug and such, thinking that they got away scott-free have no ideas that they are now opening themselves up to hosting malware, using their visitors for cryptomining, helping to steal credentials via fake login pages, etc. If you like the theme play it safe and buy it. Security plugins, Wordfence, Sucuri, iThemes, etc can protect you from a lot of bad things out there but not if you are going to give the bad guys a free pass to get in.

    As an aside, I’m having the moderators lock this post. We do not offer any support for sites that have nulled software on them.

    Tim

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    1. Delete the nulled theme.
    2. Use the real theme instead of downloading from shady sites.
    3. Consider your site as already hacked and act accordingly. Get it scanned, cleaned, and fixed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Found malicious files, but scared to do anything’ is closed to new replies.