Title: wp-includes folder hacked? Last modified: August 20, 2016 --- # wp-includes folder hacked? * Resolved [lrbphoto](https://wordpress.org/support/users/lrbphoto/) * (@lrbphoto) * [14 years, 2 months ago](https://wordpress.org/support/topic/wp-includes-folder-hacked/) * Today I noticed from our Statcounter.com tracking some very weird URLs on our site. It seems like a hacker has hijacked our home page and added some random text and images below the main content. Here are some examples: * [http://laurenbphoto.com/blog/wp-includes/images/define-buck](http://laurenbphoto.com/blog/wp-includes/images/define-buck) [http://laurenbphoto.com/blog/wp-includes/images/define-bucket](http://laurenbphoto.com/blog/wp-includes/images/define-bucket) [http://laurenbphoto.com/blog/wp-includes/images/nordlingen-germany](http://laurenbphoto.com/blog/wp-includes/images/nordlingen-germany) * When I log in to the admin, I can’t find any of the posts or images, though the source code says the images are hosted on our site. If I log in via FTP, I don’t see the images in the wp-includes/images directory. I even did a full server search using cPanel and could not locate the images. * Also, our site redirects to [http://www.laurenbphoto.com](http://www.laurenbphoto.com) if you put in [http://laurenbphoto.com](http://laurenbphoto.com). Yet, these URLs work without the www. * I did a twitter search for define buck and found this tweet with some reference to it: [https://twitter.com/#!/wushunate/status/180589249589026816](https://twitter.com/#!/wushunate/status/180589249589026816) * I looked at the users timeline and there are a bunch of similar links to other WordPress sites. The twitter account seems hacked though. Until these weird pages started showing up, he hadn’t tweeted in two years. * We’re hosting with Host Gator and I have them looking into it. Anyone else seen this and can explain what’s happening? Any security suggestions? * Better yet, how do I get rid of it? * Thanks, * Lincoln Viewing 2 replies - 1 through 2 (of 2 total) * [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * (@tvcnet) * [14 years, 2 months ago](https://wordpress.org/support/topic/wp-includes-folder-hacked/#post-2633183) * Hi, As far as I can tell your site seems free of malware: * Try this free malware checking service to verify: [http://www.UnmaskParasites.com/security-report/?page=laurenbphoto.com/blog/](http://www.UnmaskParasites.com/security-report/?page=laurenbphoto.com/blog/) * Because bots or people are trying to connect to links on your website, that does not mean your site is hacked. * I’m not seeing any redirects or odd content here. * Thread Starter [lrbphoto](https://wordpress.org/support/users/lrbphoto/) * (@lrbphoto) * [14 years, 2 months ago](https://wordpress.org/support/topic/wp-includes-folder-hacked/#post-2633186) * So the Host Gator security team figured it out: * > Upon inspection we found that malware had indeed been injected into your account. > The vast majority of injections are done by malicious users who have found > exploits in scripts previously (and legitimately) installed on the account. > Some are also the result of a compromised password due to a virus-infected > PC, so please make sure to scan any computer used to access this account with > at least two anti-virus programs. We have taken the below actions to prevent > further malicious activities. Please make sure to update your password to update > all the scripts/plugins on your account to the latest version. > This account was exploited due to an outdated timthumb script installed with > a theme. To prevent further exploitation in this manner we have updated all > the timthumb scripts on the account to the latest security release. * Damn you TimThumb! * It’s annoying that I have to worry about my theme files being up to date. * Lincoln Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘wp-includes folder hacked?’ is closed to new replies. ## Tags * [images](https://wordpress.org/support/topic-tag/images/) * [wp-includes](https://wordpress.org/support/topic-tag/wp-includes/) * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/) * 2 replies * 2 participants * Last reply from: [lrbphoto](https://wordpress.org/support/users/lrbphoto/) * Last activity: [14 years, 2 months ago](https://wordpress.org/support/topic/wp-includes-folder-hacked/#post-2633186) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics