Support » Plugin: Wordfence Security - Firewall & Malware Scan » wso.php found in Web Usage Log?

  • Resolved wzshop


    I was recently just checking around at my direct admin (webhosting) environment for errors in the logs when I found the below line in the Web Usage Log
    "....GET /wp-content/wso.php HTTP/1.1" 404 33428 ""

    Because seemed suspicious to me, I started to Google it and found that it might be a malicious file. I have not noticed anything weird on my site so now my question is; Does the line above mean that my site has been hacked or that someone was trying to hack it?


Viewing 2 replies - 1 through 2 (of 2 total)
  • Hey @wzshop,

    This doesn’t indicate the site is hacked. It indicates that a bot was trying to locate and exploit that file. The access log shows the attempt returned a 404, so the file isn’t there. These are just mindless bots probing sites to find ones where exploit it available.

    Please let me know if you have any other questions.



    Hey @wfgerald,
    Thanks a lot for clarifying that!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wso.php found in Web Usage Log?’ is closed to new replies.