code modified for malware

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

Author

Posts
April 26, 2018 at 11:48 pm #428194

chris22
Expired Member

Post count: 29

I received this email today from wordfence – Anything to do to stop this? They add an include

* File appears to be malicious: wp-content/themes/GeoDirectory_framework/updater/nqagpxrd.php

* File appears to be malicious: wp-content/uploads/2018/04/eulrinty.php

Warnings:

* Unknown file in WordPress core: wp-includes/customize/.f7c66e68.ico

April 27, 2018 at 12:15 am #428195

Guust
Moderator

Post count: 29970

That looks very much like your site has been compromised.
Always make sure you are using the latest plugins, themes and WP version to minimize vulnerabilities.
This plugin will find some of the malicious file and allow them to be deleted: https://wordpress.org/plugins/sucuri-scanner/
Another way that helps is to download a fresh Zip file of a plugin etc, extract on your site and compare with the files on your server.
Or delete a plugin folder completely on the server and replace with a clean copy.

April 27, 2018 at 1:23 am #428212

chris22
Expired Member

Post count: 29

Yes, it would appear that way. The crazy thing is – all plugins have been current – nothing has been left unchanged –

April 27, 2018 at 6:09 pm #428275

Paolo
Site Admin

Post count: 31206

The only time one of my site have been hacked that way, it was because I had a malware on my PC that scanned my FTP client saved passwords. The hacker uploaded the corrupted files directly via FTP.

I’d suggest to change all your passwords and keep them safe.
Author

Posts

Viewing 4 posts - 1 through 4 (of 4 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket

How to open a new support ticket

Support Policy

Support Forum Search