Found a strange file in WordPress root
-
Hi,
I found a strange file in the root of my WordPress folder.
https://www.example.com/wp-code.php
I deleted it from my server but I kept a copy of that PHP script.
I found that many sites are infected with the same threat.
https://www.google.com/search?q=allinurl%3A+wp-code.php&oq=allinurl%3A+wp-code.php
Anyone has an idea about that?
Best regards.`
-
Hi,
The provided link is a dummy example. I prefer not disclosing my own domain for security and privacy.
You can visit a link in the Google Search Results, it’s already returning a huge number of affected websites. I guess: About 47,500 results (0.34 seconds).
It may be a wide-spread security exploit that may require the intervention of WordPress team, but I am not sure if it’s convenient to inform them. That’s why I posted here.
Sharing the PHP file => it’s encrypted and may contains sensitive data about my site. So, posting it on public is risky. I can share it with authoritative WP team member.
It starts with:
<?php /* — enphp : https://github.com/djunny/enphp */ error_reporting(E_ALL^E_NOTICE);
And contains some known PHP functions and a lot of weird characters like 3Ž…I cleaned my website and used some well-known WP plugins and updated everything (core, themes, plugins, ..).
Why I am posting this message?
To know more about that issue if someone else already knows about that and also be an informative topic for people that may have the same problem.
It sounds that this script only creates promotional posts on the fly.
The topic ‘Found a strange file in WordPress root’ is closed to new replies.