Support » Plugins » .php.bogus file extensions

  • I’ve just come across a website that has 3 folders within the theme folder (default, classic and a custom – name of the website).

    Anyway the WordPress version is 2.6.1 (am currently upgrading a lot of sites and this is how I came across this).

    The .php.bogus files seem to be duplicates of the existing files within each theme, as I’ve never seen these before just wondering if anyone had any idea what they are, or how they were created.


Viewing 2 replies - 1 through 2 (of 2 total)
  • In WP version 2.6, the two themes distributed with the WordPress package were named “classic” and “default”. So at this path in an installation of 2.6 – /wordpress/wp-content/themes – you would probably find:


    The custom theme was most likely someone’s effort at making a unique theme for their site. One could only guess the origin of the “.php.bogus” files, but in doing so, it might be something as simple as someone renaming some original theme files with a “.bogus” extension – much as you might use the “.bak” extension – while using copies of the originals to modify.

    Another explanation could be that the site has fallen victim to one of the known vulnerabilities present in that version of WordPress (or issues with the hosting account itself), and has been compromised.

    Of course, everything I suggested is pure guesswork on my part without first hand knowledge of the site.

    Thanks for your input Clayton.

    Yea the reason I ask is that we have some code injection on all of our sites (.php) on that server, and we are currently trying to narrow down where it came from. Today has been the best day so far (in 3 weeks). We were removing the code injection but within a few hours it came right back, I have updated a few wordpress sites today, added Better WP Security and still clean so far.

    I think I’ll delete those .php.bogus files and hope for the best over the weekend.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘.php.bogus file extensions’ is closed to new replies.