wp-feed.php
-
Hi,
I keep getting a message saying ‘../wp-includes/wp-feed.php’ is not part of the wordpress installation in which wordfence suggests its malicious?
So I delete it and then it automatically re-creates itself?
Any ideas please?
-
I doubt you need “any other idea”. The issue and solution are listed in the replies to the original issue in this topic.
Look at the start of functions.php, there is likely a malicious file being “included” there.
I’ve seen both class.theme-modules.php and class.plugin-modules.phpThe files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Remove code from the start of all the functions.php files.
Delete multiple copies of class.theme-modules.php or class.plugin-modules.phpYou must check every folder and check every functions.php you find.
my apologies for being late!
Could you solve it?
If they could not, the best thing is:
1. Check all the WordPress sites in the shared hosting.
2. Deactivate and eliminate each Plugin or theme from DOWNLOAD NULLED
3. Search all the files function.php the malicious code, and delete it, save file changes.
4 Search files :wp-feed.php
wp-vcd.php
wp-tmp.php– These can change location, before removing the code from function.php it is convenient to see what are the routes that you specify for these files.
This would have to clean the installation of each domain in the hosting.
Recommendation: before starting, make a backup of each site.
To know when the site was modified for the last time, list the folders so by modification date.
Generally, when something is modified within them, the date changes, and that gives us a clue as to where you could hide malicious code.
Saludos.
Yes it is a Merna malware, and the password can stole too.
When You want a sample, I have from net:
http://www48.zippyshare.com/v/ejhWVlpP/file.htmlBut don´t ask, why Wordfence can´t it delete from site…
The topic ‘wp-feed.php’ is closed to new replies.