Support » Fixing WordPress » Malware found ioptimize.php

  • Hello Folks,

    We have found a malicious plugin on several WordPress sites on several webhosts.
    The plugin is called ioptimization, and would allow file uploads when opened directly (/wp-content/plugins/ioptimization/IOptimize.php). Luckily Wordfence is blocking this in our cases.
    It does not seem to be because of another plugin, as websites with different plugins had this infection and on different servers, so I’m afraid this is a WordPress Core exploit.
    This malicious plugin appeared 4 days ago (8 Feb), all around the same time.
    So far, the damage has been minimal, but it’s more worrying this appeared in our sites in the first place.
    I hope I posted this in the right place.

    [malware code removed]

    Hope this will be useful to someone

    • This topic was modified 1 month, 2 weeks ago by Steve Stern.
  • The topic ‘Malware found ioptimize.php’ is closed to new replies.