Title: Curious about recurring post.php hack
Last modified: August 30, 2016

---

# Curious about recurring post.php hack

 *  [mvidberg](https://wordpress.org/support/users/mvidberg/)
 * (@mvidberg)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/)
 * I manage a number of WordPress installations and just one of them is continually
   plagued by the same hacking issue. A file keeps showing up in the root wordpress
   folder called post.php. It has ownership set the same as my other files, which
   is www-data:www-data (this is on a debian server). It contains obfuscated PHP
   code which allows running code from an attacking site. (if you are interested,
   the code can be seen in this txt file… [http://simplemindedme.com/bad-post.txt](http://simplemindedme.com/bad-post.txt))
 * I have changed the password on the wordpress installation as well as my server
   account. I do not run FTP, only access the site via ssh. I am running wordfence
   which indicates no issues on the strictest settings. I have run other command
   line scripts to search for code in image files, again nothing found. I have check
   all my cron jobs… nothing in there. So my question is, how does this file keep
   re-appearing?

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Thread Starter [mvidberg](https://wordpress.org/support/users/mvidberg/)
 * (@mvidberg)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/#post-6800139)
 * Should also mention that the site is running the twentyfifteen theme and only
   2 plugins, Captcha by BestWebSoft and Wordfence.
 *  [mdisch](https://wordpress.org/support/users/mdisch/)
 * (@mdisch)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/#post-6800431)
 * Did you find out what caused post.php file re-appearing in the root wordpress
   folder? I’m having the same issue lately.
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [9 years, 11 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/#post-6800432)
 * mdisch: please open a new thread for your issue. thanks.
 *  [mdisch](https://wordpress.org/support/users/mdisch/)
 * (@mdisch)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/#post-6800433)
 * sterndata, the post/question is for mvidberg.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Curious about recurring post.php hack’ is closed to new replies.

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 3 participants
 * Last reply from: [mdisch](https://wordpress.org/support/users/mdisch/)
 * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/curious-about-recurring-postphp-hack/#post-6800433)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics