Title: WordPress hacked with phpRemoteView
Last modified: August 18, 2016

---

# WordPress hacked with phpRemoteView

 *  [JohnP](https://wordpress.org/support/users/johnp/)
 * (@johnp)
 * [19 years, 7 months ago](https://wordpress.org/support/topic/wordpress-hacked-with-phpremoteview/)
 * Yesterday I discovered a file called config.php had appeared in the plugins directory
   of three of my WP2.04 installations (different domains) on a shared server.
 * The script turned out to be phpRemoteView, which seems to give anyone who navigates
   to it the ability to view and manipulate every file and folder within the user’s
   directory!
 * According to [this discussion thread](http://www.sitepoint.com/forums/showthread.php?t=319954&page=2&pp=25)
   it is used as a hacker’s tool, exploiting a vulnerability in a particular FTP
   server, which I can confirm my host is using.
 * >  the version is outdated for Pure-FTPd and that there is an exploit that allows
   > remote users to basically gain root access. To fix it I just switched to ProFTPd
   > and that is no longer a valid exploit.
 * Surprise, surprise, my host support response was:
 * >  The phpRemoteView could have been uploaded via your other php softwares.
 * The only “other php softwares” I have installed is WordPress, and I have the 
   latest version. It won’t let me upload .php files (as I would expect).
 * Has anyone else encountered phpRemoteView in a WordPress installation?
 * Is there anything I can do to protect myself this happening again, or should 
   I be looking for a different host?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [Samuel B](https://wordpress.org/support/users/samboll/)
 * (@samboll)
 * [19 years, 7 months ago](https://wordpress.org/support/topic/wordpress-hacked-with-phpremoteview/#post-467594)
 * I know of 2 people it was used on – 1 ran phpnuke (outdated) and the other myphpnuke(
   also outdated).
    If it appeared in your plugins directory – I would suspect a
   plugin.
 *  [Chris_K](https://wordpress.org/support/users/handysolo/)
 * (@handysolo)
 * [19 years, 7 months ago](https://wordpress.org/support/topic/wordpress-hacked-with-phpremoteview/#post-467595)
 * Is your plugins directory permissions world writable?
 *  Thread Starter [JohnP](https://wordpress.org/support/users/johnp/)
 * (@johnp)
 * [19 years, 7 months ago](https://wordpress.org/support/topic/wordpress-hacked-with-phpremoteview/#post-467601)
 * My plugins directory permissions are 755 – I haven’t changed them from the default.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WordPress hacked with phpRemoteView’ is closed to new replies.

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [JohnP](https://wordpress.org/support/users/johnp/)
 * Last activity: [19 years, 7 months ago](https://wordpress.org/support/topic/wordpress-hacked-with-phpremoteview/#post-467601)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics