Support » Everything else WordPress » What is _info.php?

  • Resolved nootkan


    Just noticed this file under my wordpress root and was wondering what it was for? Isn’t it a security risk to allow anyone to view the phpinfo?

Viewing 8 replies - 1 through 8 (of 8 total)
  • catacaustic


    very awesome

    that’s not a standard file from WordPress, so you should be able to delete it without a problem.

    It can be a bit of a security risk if someone knows where the file is and looks through it. They’d have to find it first though! On top of that, there’s a huge percentage of the worlds websites that aer running PHP ov various versions, so the chances of anything bad happening from just that fiel are slim. It’s still a possibility, but there’s other things that you should be more concerned with before that.

    Yep, definitely not a standard WP file. What does it contain?

    maybe its a backdoor or anything, no one can know if you does not show the code inside it 🙂

    Sorry guys I’ve been away for awhile. I am assuming that this file comes with a plugin but I’m not sure as I didn’t create the site a third party did.

    `<?php echo posix_getuid(); phpinfo();

    all in one seo
    bot smasher
    floating social media icon
    get the image
    nextgen gallery
    simple 301 directs
    testimonial widget
    wordpress database backup
    wordpress importer



    very awesome

    I wouldn’t rush into saying that the sites been hacked. The code there is perfectly valid for a developer to check to ensure that the server envronment can support the requirements for WordPress.

    The first thing to do is dleete the file – it’s not needed any more and it has the possibility of opening up security holes if osmeone finds it.

    The second thing to do is run your site thorugh Sucuri’s site checker to check for any issues.

    Third thing to do is check with your developer to see if they actually did put that file there (I’d be pretty sure that they did and just forgot to delete it).

    If you find any issues, then go thorugh the steps that Esmi has given. Before establishing that it really was a hack or just a forgetful developer they might be a bit of overkill.

    Too late, I’ve already deleted the wordpress site and gone back to the original site built with dreamweaver. I do have a current backup of the wordpress site however. I’ve been getting bombarded with failed email delivery messages using the email address associated with this site and I assumed it was a spoofer using the email address to spam with after I paid a tech guy to confirm the email wasn’t originating from the server the site is hosted on. I then seen this file and thought it was a hacked site. As these guys are pretty good at hiding their scripts I thought I’d delete the whole wordpress site for a while and monitor the emails to see if my hunch is correct, if not then I will upload the backups again as it is a cleaner looking site.

    I have deleted the file with no repercussions to the site. Re-uploaded the wordpress site as the spoofing continued with the original site also. Thanks for all the support and ideas.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘What is _info.php?’ is closed to new replies.