Title: 404.php hack allows file upload Last modified: August 22, 2016 --- # 404.php hack allows file upload * [peptid](https://wordpress.org/support/users/peptid/) * (@peptid) * [11 years, 4 months ago](https://wordpress.org/support/topic/404php-hack-allows-file-upload/) * Dear All, * I am writing this post notify users for a possible serious hack. * 404.php file was hacked and it has been converted to * ``` Done ==> $userfile_name"; } } else{ echo' '; } ?> ``` * That basically does this; if a content is not found, it redirects you to a page where you can upload files. Important point is you do not need to be a user or anything; anyone can upload any file to the server. * I basically deleted 404.php and apperantly this problem is solved. Yet, I would like to know what further steps I can take. Any help would be much appreciated. * PS: I am using Lucid Theme of Theme Forest and the site is hosted by GoDaddy. Viewing 1 replies (of 1 total) * [Rumeshkumar](https://wordpress.org/support/users/rumeshin/) * (@rumeshin) * [10 years, 11 months ago](https://wordpress.org/support/topic/404php-hack-allows-file-upload/#post-5712602) * your post helped me to fixed my problem. In my case, the code was inside contact- form-7 V 3.5.2. * [https://wpvulndb.com/vulnerabilities/7022](https://wpvulndb.com/vulnerabilities/7022) * Gonna update now. Viewing 1 replies (of 1 total) The topic ‘404.php hack allows file upload’ is closed to new replies. ## Tags * [404.php](https://wordpress.org/support/topic-tag/404-php/) * [upload](https://wordpress.org/support/topic-tag/upload/) * 1 reply * 2 participants * Last reply from: [Rumeshkumar](https://wordpress.org/support/users/rumeshin/) * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/404php-hack-allows-file-upload/#post-5712602) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics