Title: Identified Exploit for WordPress admin-ajax.php
Last modified: May 16, 2022

---

# Identified Exploit for WordPress admin-ajax.php

 *  [Frank McClung](https://wordpress.org/support/users/fivemcclungs/)
 * (@fivemcclungs)
 * [4 years ago](https://wordpress.org/support/topic/identified-exploit-for-wordpress-admin-ajax-php/)
 * I am having many sites on my server show up in scans with the following upload
   file exploiting /public_html/wp-admin/admin-ajax.php and placing this compressed
   file:
    .sp3ctra_XO.php
 * I can’t find anything about how to fix this exploit (assuming it isn’t a false
   positive).
 * How would I protect against or harden my site against this exploit?

Viewing 1 replies (of 1 total)

 *  [WP STAGING | BACKUP](https://wordpress.org/support/users/wpstagingbackup/)
 * (@wpstagingbackup)
 * [4 years ago](https://wordpress.org/support/topic/identified-exploit-for-wordpress-admin-ajax-php/#post-15648418)
 * Hello Frank [@fivemcclungs](https://wordpress.org/support/users/fivemcclungs/),
 * I am sorry, but your sites have been compromised already. There is no general
   solution that you can apply to get rid of this hack without finding its culprit.
 * Your websites are hacked, and without knowing the reason, you cannot fix them.
 * Your only chance is to follow all the steps mentioned in the link below and install
   a security plugin like Wordfence or another popular one to help you find the
   security hole: [https://wordpress.org/support/article/hardening-wordpress/](https://wordpress.org/support/article/hardening-wordpress/).
 * My advice: If these sites are essential for your business, hire a WordPress pro
   to close the issue.
 * If the sites are not critical for your business, set them up from scratch and
   follow all the advice from the link above to prevent such an attack.
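
A read-only triage check for the symptom described in this thread, added here as an example and not part of either post: it lists dot-prefixed PHP files such as `.sp3ctra_XO.php` and PHP files under `wp-content/uploads` in each document root given. The function names, labels, extension list and document-root layout are assumptions of this example; a hit is a lead for manual review, and an empty result does not show that a site is clean.

```shell
#!/bin/sh
# Added triage example, not from the thread. Read-only: it only lists files.
# Usage (document-root layout is an assumption): sh scan.sh /home/*/public_html

# Hidden (dot-prefixed) PHP files anywhere under the root.
# WordPress core ships no dot-prefixed PHP files, so every hit needs review.
find_hidden_php() {
    find "$1" -type f -name '.*' \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -print 2>/dev/null | sort
}

# PHP files under wp-content/uploads, which normally holds media only.
# Some plugins do write PHP there, so hits are leads rather than proof.
find_php_in_uploads() {
    uploads_dir="$1/wp-content/uploads"
    [ -d "$uploads_dir" ] || return 0
    find "$uploads_dir" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) \
        -print 2>/dev/null | sort
}

# Prefix each path read on stdin with the finding label given as $1.
label() {
    while IFS= read -r path; do
        printf '%s %s\n' "$1" "$path"
    done
}

# Report both finding types for one WordPress document root.
scan_wp_root() {
    find_hidden_php "$1" | label HIDDEN_PHP
    find_php_in_uploads "$1" | label UPLOADS_PHP
}

# Scan every document root passed on the command line.
if [ "$#" -gt 0 ]; then
    for root in "$@"; do
        scan_wp_root "$root"
    done
fi
```

Compare each reported file against a known-good copy of the same WordPress version and check its modification time against the web server access log before deleting anything.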

The topic ‘Identified Exploit for WordPress admin-ajax.php’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [WP STAGING | BACKUP](https://wordpress.org/support/users/wpstagingbackup/)
 * Last activity: [4 years ago](https://wordpress.org/support/topic/identified-exploit-for-wordpress-admin-ajax-php/#post-15648418)
 * Status: not resolved

