Title: Question about code injections
Last modified: August 22, 2016

---

# Question about code injections

 *  [dfranck90](https://wordpress.org/support/users/dfranck90/)
 * (@dfranck90)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/question-about-code-injections/)
 * Every now and then I notice code injections in some of the wordpress sites we
   host. Sometimes its just a line or two of gibberish at the top of existing files
   and sometimes its brand new files with names intended to make it look like something
   thats supposed to be there.
 * Sometimes I’ll see it in a plugin or a theme file. Yesterday I found one site
   that had new files full of hacked code all over the uploads folder. Occasionally
   I’ll even see files in the root directory that have been hacked, like config.
   php.
 * My question is how do hackers get access to these files? Did they just gain access
   to the WP-admin through guessing passwords or have they gained access to the 
   FTP Username and Password for the site? I know you can access plugin and theme
   files from the editor in the dashboard, but I didn’t think you could edit things
   like wp-config.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Andrew Nevins](https://wordpress.org/support/users/anevins/)
 * (@anevins)
 * WCLDN 2018 Contributor | Volunteer support
 * [11 years, 3 months ago](https://wordpress.org/support/topic/question-about-code-injections/#post-5627040)
 * You might never know the answer to how the hacker got access, but how are you
   removing the hack?
 *  [Rastislav Lamos](https://wordpress.org/support/users/lamosty/)
 * (@lamosty)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/question-about-code-injections/#post-5627042)
 * _**[link moderated; see [http://codex.wordpress.org/Forum\_Welcome#Signatures](http://codex.wordpress.org/Forum_Welcome#Signatures)]**_
   some of my bookmarked resources for these kind of situations. It’s better for
   you to read as much as possible about this matter because the answer to your 
   question is not simple.
 *  Thread Starter [dfranck90](https://wordpress.org/support/users/dfranck90/)
 * (@dfranck90)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/question-about-code-injections/#post-5627043)
 * Gennerally,
 * Change passwords (FTP, WP, DB)
    Change the secret keys Find the code in question
   and delete it If I’m noticing multiple files that are messed up, I replace the
   core files from a fresh download of wordpress Update everything

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Question about code injections’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [dfranck90](https://wordpress.org/support/users/dfranck90/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/question-about-code-injections/#post-5627043)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics