Title: malicious file — wp-includes/task-item.php Last modified: September 27, 2017 --- # malicious file — wp-includes/task-item.php * Resolved [djaaweb](https://wordpress.org/support/users/djaaweb/) * (@djaaweb) * [8 years, 8 months ago](https://wordpress.org/support/topic/malicious-file-wp-includes-task-item-php/) * Our site was hacked, and I’ve been going through and cleaning it as much as possible. * When we run Wordfence Scans, it gives us the following. [https://imgur.com/a/wQsY3](https://imgur.com/a/wQsY3) * ———————————————————————————– File appears to be malicious: wp-includes/task- item.php Filename: wp-includes/task-item.php File Type: Not a core, theme or plugin file. Issue First Detected: 5 mins ago. Severity: Critical Status New This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is:“ eikooctesOSW+noitcnuf”. The infection type is: Webshell:PHP/WSO-strrev. —————————————————————————— * I can’t find anything about this file, or this hack. * When I delete the file, it gets recreated. * This also occurs for wp-admin/css/.bt which seems to be suspicious but when deleted it gets re-created again. * Has anybody come across this? Viewing 1 replies (of 1 total) * [wfyann](https://wordpress.org/support/users/wfyann/) * (@wfyann) * [8 years, 8 months ago](https://wordpress.org/support/topic/malicious-file-wp-includes-task-item-php/#post-9543662) * Hi [@djaaweb](https://wordpress.org/support/users/djaaweb/), * Most likely a backdoor is still making it possible for those malicious files to be created over and over again. * I suggest you follow [our site cleaning guide](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/) in order to make sure your site is no longer compromised. Viewing 1 replies (of 1 total) The topic ‘malicious file — wp-includes/task-item.php’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 1 reply * 2 participants * Last reply from: [wfyann](https://wordpress.org/support/users/wfyann/) * Last activity: [8 years, 8 months ago](https://wordpress.org/support/topic/malicious-file-wp-includes-task-item-php/#post-9543662) * Status: resolved