Support » Fixing WordPress » Potentail Malware problem

  • bobkeenanphoto


    First…. I am a newbie at this. My site was hacked into and my host shut it down and pulled what they thought were the offending lines. I added several security plug-ins.

    On one, Secure WordPress by WebsiteDefender, I ran the defender scan and it came up with two potential files with a problem.

    One is a file call tols.php. Its full of what I think is base64 code. Here is a sample of a few lines worth [ moderated – Do not post malware code here. Use if you must. ]

    It also identified one other php file. It was some php code followed by a bunch of base64. See below:

    [ moderated – Do not post malware code here. Use if you must. ]

    So…. Is this malware? Can I just delete the php file??

Viewing 4 replies - 1 through 4 (of 4 total)
  • Please do not post that code here. If you must share use

    If you found that in one file chances are it’s in many files. See the guide below.

    You can try replacing the files in your wp-admin and wp-includes folder.



    Sorry about that…. like I said… I am a newbie. Here is the first suspicious file. It is labeled tols.php and can be seen here:

    What do you mean replace the files in wp-admin? All of them? From where?
    Thanks for the help

    No worries 🙂 A mod will clean it up.

    This type of attack is usually caused by a vulnerability in a PHP script. The first thing you should do is create a backup of everything. Then, make sure you’re running on the latest version of your theme, plugins, and WordPress core. If you have the latest version installed you can easily download a new WP pack and transfer the wp-admin and wp-includes folder via ftp, replacing all files. DO NOT replace the wp-content folder as that includes all your uploads, themes, plugins and so forth. 🙂

    Also, please make sure you’ve done everything that’s listed on this page: .



    This worked great! Thanks a lot.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Potentail Malware problem’ is closed to new replies.