Support » Fixing WordPress » Potentail Malware problem

  • bobkeenanphoto

    (@bobkeenanphoto)


    First…. I am a newbie at this. My site was hacked into and my host shut it down and pulled what they thought were the offending lines. I added several security plug-ins.

    On one, Secure WordPress by WebsiteDefender, I ran the defender scan and it came up with two potential files with a problem.

    One is a file call tols.php. Its full of what I think is base64 code. Here is a sample of a few lines worth [ moderated – Do not post malware code here. Use pastebin.com if you must. ]

    It also identified one other php file. It was some php code followed by a bunch of base64. See below:

    [ moderated – Do not post malware code here. Use pastebin.com if you must. ]

    So…. Is this malware? Can I just delete the php file??

Viewing 4 replies - 1 through 4 (of 4 total)
  • Please do not post that code here. If you must share use http://www.pastebin.com.

    If you found that in one file chances are it’s in many files. See the guide below.

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    You can try replacing the files in your wp-admin and wp-includes folder.

    bobkeenanphoto

    (@bobkeenanphoto)

    Sorry about that…. like I said… I am a newbie. Here is the first suspicious file. It is labeled tols.php and can be seen here: http://pastebin.com/G0Znjtuc

    What do you mean replace the files in wp-admin? All of them? From where?
    Thanks for the help

    No worries 🙂 A mod will clean it up.

    This type of attack is usually caused by a vulnerability in a PHP script. The first thing you should do is create a backup of everything. Then, make sure you’re running on the latest version of your theme, plugins, and WordPress core. If you have the latest version installed you can easily download a new WP pack and transfer the wp-admin and wp-includes folder via ftp, replacing all files. DO NOT replace the wp-content folder as that includes all your uploads, themes, plugins and so forth. 🙂

    Also, please make sure you’ve done everything that’s listed on this page: http://codex.wordpress.org/FAQ_My_site_was_hacked .

    bobkeenanphoto

    (@bobkeenanphoto)

    This worked great! Thanks a lot.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Potentail Malware problem’ is closed to new replies.