WordPress.org

Forums

[resolved] What is _info.php? (9 posts)

  1. nootkan
    Member
    Posted 1 year ago #

    Just noticed this file under my wordpress root and was wondering what it was for? Isn't it a security risk to allow anyone to view the phpinfo?

  2. catacaustic
    very awesome
    Posted 1 year ago #

    that's not a standard file from WordPress, so you should be able to delete it without a problem.

    It can be a bit of a security risk if someone knows where the file is and looks through it. They'd have to find it first though! On top of that, there's a huge percentage of the worlds websites that aer running PHP ov various versions, so the chances of anything bad happening from just that fiel are slim. It's still a possibility, but there's other things that you should be more concerned with before that.

  3. Stew Dellow
    Member
    Posted 1 year ago #

    Yep, definitely not a standard WP file. What does it contain?

  4. Toan Nguyen
    Member
    Posted 1 year ago #

    maybe its a backdoor or anything, no one can know if you does not show the code inside it :)

  5. nootkan
    Member
    Posted 1 year ago #

    Sorry guys I've been away for awhile. I am assuming that this file comes with a plugin but I'm not sure as I didn't create the site a third party did.

    `<?php echo posix_getuid(); phpinfo();

    plugins:
    akismet
    all in one seo
    bot smasher
    floating social media icon
    get the image
    nextgen gallery
    simple 301 directs
    testimonial widget
    wordpress database backup
    wordpress importer

  6. esmi
    Forum Moderator
    Posted 1 year ago #

  7. catacaustic
    very awesome
    Posted 1 year ago #

    I wouldn't rush into saying that the sites been hacked. The code there is perfectly valid for a developer to check to ensure that the server envronment can support the requirements for WordPress.

    The first thing to do is dleete the file - it's not needed any more and it has the possibility of opening up security holes if osmeone finds it.

    The second thing to do is run your site thorugh Sucuri's site checker to check for any issues.

    Third thing to do is check with your developer to see if they actually did put that file there (I'd be pretty sure that they did and just forgot to delete it).

    If you find any issues, then go thorugh the steps that Esmi has given. Before establishing that it really was a hack or just a forgetful developer they might be a bit of overkill.

  8. nootkan
    Member
    Posted 1 year ago #

    Too late, I've already deleted the wordpress site and gone back to the original site built with dreamweaver. I do have a current backup of the wordpress site however. I've been getting bombarded with failed email delivery messages using the email address associated with this site and I assumed it was a spoofer using the email address to spam with after I paid a tech guy to confirm the email wasn't originating from the server the site is hosted on. I then seen this file and thought it was a hacked site. As these guys are pretty good at hiding their scripts I thought I'd delete the whole wordpress site for a while and monitor the emails to see if my hunch is correct, if not then I will upload the backups again as it is a cleaner looking site.

  9. nootkan
    Member
    Posted 1 year ago #

    I have deleted the file with no repercussions to the site. Re-uploaded the wordpress site as the spoofing continued with the original site also. Thanks for all the support and ideas.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.