Title: Possible Malware? Last modified: August 31, 2016 --- # Possible Malware? * [TheCockroach](https://wordpress.org/support/users/thecockroach/) * (@thecockroach) * [10 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-3/) * Hello! * I’ve been working on cleaning up my site’s WP, as we were hacked a few months back. Being the cautious person that I am though, I’m obviously trying to make sure I only remove malicious content. So I was hoping here would be a good place to ask around about any files that I’m not 100% certain of. * But starting off, there’s a file I found in /wp-admin/maint called Test2.php. When visited (even by a non-logged in user) it prints out this on the page: [http://prntscr.com/9trv0t](http://prntscr.com/9trv0t) * I know it’s not a default WP file, and am 95% sure it’s malicious-related. But I just want to make sure it’s not possibly part of a plug-in, as since our site is fairly high-traffic, we can’t afford for it to suffer any down-time. Viewing 2 replies - 1 through 2 (of 2 total) * Moderator [t-p](https://wordpress.org/support/users/t-p/) * (@t-p) * [10 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-3/#post-6979276) * > But starting off, there’s a file I found in /wp-admin/maint called Test2.php. * No. It’s not a WP core file. * > But I just want to make sure it’s not possibly part of a plug-in, * No. It cannot be related to any plugins. Files related to any plugin should be in the respective folder of that plugin. * Also, follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked). When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress). * Thread Starter [TheCockroach](https://wordpress.org/support/users/thecockroach/) * (@thecockroach) * [10 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-3/#post-6979283) * Thank you so much for the response, Tara. I’ll check out those guides you posted very shortly. * Another question though, based on your response. Let’s say, that I find files that do “seem” suspicious. And they aren’t a WP core file that’s [ listed here ](https://digwp.com/2012/05/complete-list-wordpress-files/), and they aren’t in a plug-in folder. Is there anything else right off that they could “potentially” be, that you’re aware of? * I’m not the site owner, just their tech guy. And I only just recently gained access to the blog’s FTP server (finally..) so that I could get a scheduler problem fixed. So if it’s not already obvious, I AM relatively new to a WP installation. Luckily though, I’m extremely smart and pick up on things pretty quickly. So this is a learning experience for me, so to speak. * Thank you again though, I really do appreciate your feedback, and I’ll be checking those links out shortly. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Possible Malware?’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 2 participants * Last reply from: [TheCockroach](https://wordpress.org/support/users/thecockroach/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-3/#post-6979283) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics