Delete the file and get some security plugin. Check your site for infiltrations. My plugin doesn’t have a file of that name. Someone has put it there.
https://wordpress.org/plugins/gotmls/ is good for a first check.
https://wordpress.org/plugins/better-wp-security/ is what I use to protect my life and testing environments.
Good luck!
ok that is interesting, i have better security, and bulletproof security and allinone security, not sure how it got there, the file is deleted by my host.
As long as it didn’t do any damage, I guess it’s good.
it did a lot of damage , they said your php is vulnerable..
No, it’s not mine. A file ‘tracker.php’ doesn’t belong to my plugin. That was my point.
