Title: Hacker?
Last modified: August 21, 2016

---

# Hacker?

 *  [AxKa](https://wordpress.org/support/users/axka/)
 * (@axka)
 * [12 years, 2 months ago](https://wordpress.org/support/topic/hacker-1/)
 * We keep finding the file **.backup_time** in the root of our installation. After
   being deleted it keeps popping up as soon as the wp index.php is triggered.
    
   Next to that we have the following string in our wp-database:
 * a:9:{s:7:”enabled”;b:1;s:6:”method”;b:1;s:9:”file_list”;a:2:{i:0;s:30:”wp-content/
   infinitewp/backups/”;i:1;s:12:”.backup_time”;}s:5:”types”;a:6:{i:0;s:4:”.jpg”;
   i:1;s:5:”.jpeg”;i:2;s:4:”.png”;i:3;s:4:”.log”;i:4;s:3:”.mo”;i:5;s:3:”.po”;}s:
   5:”email”;b:1;s:5:”split”;b:0;s:12:”notify_admin”;b:0;s:10:”last_chunk”;b:0;s:
   8:”last_run”;d:1396344213;}
 * Does the file.backup_time belong to the iThmes/Better WP Security) installation?
 * regards,
    AxKa
 * [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [darkmatter661](https://wordpress.org/support/users/darkmatter661/)
 * (@darkmatter661)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/hacker-1/#post-4768889)
 * I am also having this issue and can’t figure out if it’s malware or what. My 
   auto backup is OFF for better-wp-security so I don’t know what it is. My guess
   is it’s part of malware, it’s in every root WP directory and other directories
   as well. If anyone’s gone through this I’d really appreciate any help! The contents
   seem to be base64 encoded. I can’t find the script it creates anywhere. I don’t
   know what to do next.
 * _[ Moderator note: encoded gobley-gook redacted ]_
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [11 years, 10 months ago](https://wordpress.org/support/topic/hacker-1/#post-4768890)
 * [@darkmatter661](https://wordpress.org/support/users/darkmatter661/) Your data
   and problem are different from the original poster’s.
 * Per the [forum welcome](http://codex.wordpress.org/Forum_Welcome#Where_To_Post)
   please post your own topic with your own details.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Hacker?’ is closed to new replies.

 * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=3529351)
 * [Kadence Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/)
 * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [11 years, 10 months ago](https://wordpress.org/support/topic/hacker-1/#post-4768890)
 * Status: not resolved