Title: Hijacked php code
Last modified: September 21, 2023

---

# Hijacked php code

 *  Resolved [ChriStef](https://wordpress.org/support/users/christef/)
 * (@christef)
 * [2 years, 8 months ago](https://wordpress.org/support/topic/hijacked-php-code/)
 * Hello,
 * Firstly, I should say a big Thank you for your good plug-ins…
 * Secondly, my server was hijacked by malicious PHP code 2 weeks ago. It was added
   to my add-on domain folders. One is a pure WordPress site and the other one a custom
   website with a custom WordPress folder installation. I was lucky to notice the
   hijacked code, as something was wrong on my custom website: it didn’t append
   well, so the normal HTML output was wrong. On the pure WordPress site the hijacked
   code is not noticeable.
 * I’ve ninja firewall and scanner on both domains.
 * I really think you should consider taking a look at this, and maybe you could
   protect others.
 * Zip files with hijacked code = _[link to malware redacted by moderator]_
 * Thanks for your consideration. I would be grateful for any insights. Please
   inform me when you download the file, so I can delete it.
 * Take care,
 * Christos.
    -  This topic was modified 2 years, 8 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [2 years, 8 months ago](https://wordpress.org/support/topic/hijacked-php-code/#post-17069481)
 * They are the usual files that hackers upload.
   How did they get access to the site? That’s the most important part. Did you
   check your logs? Did you have a vulnerability in a plugin? Or did they steal a
   password?
 *  Thread Starter [ChriStef](https://wordpress.org/support/users/christef/)
 * (@christef)
 * [2 years, 8 months ago](https://wordpress.org/support/topic/hijacked-php-code/#post-17069830)
 * I’m not sure yet, I’m still investigating it, but I suppose through a cPanel vulnerability
   or a main password leak. All domain folders had the injected PHP code… Even the
   non-WordPress ones.
 * The malicious code just serves crawling bots other websites’ products and info.
   Google is messed up with that info; I think it is not too bad.
 * Thanks for your consideration.
    -  This reply was modified 2 years, 8 months ago by [ChriStef](https://wordpress.org/support/users/christef/).
