Title: Installation hacked – malicious code inserted into wp-includes/plugin.php Last modified: August 20, 2016 --- # Installation hacked – malicious code inserted into wp-includes/plugin.php * [netflow](https://wordpress.org/support/users/netflow/) * (@netflow) * [13 years, 9 months ago](https://wordpress.org/support/topic/installation-hacked-malicious-code-inserted-into-wp-includespluginphp/) * This is the code that was inserted into the plugin.php file * This file is permed 644 and not owned by apache so I’m not sure how it got overwritten. Luckily it was fixed by re-downloading the latest.tar.gz and overwritting everything but has anyone else seen this or know where the security hole is that’s allowing this file to be compromised? * [code removed - Moderators] Viewing 2 replies - 1 through 2 (of 2 total) * [kmessinger](https://wordpress.org/support/users/kmessinger/) * (@kmessinger) * [13 years, 9 months ago](https://wordpress.org/support/topic/installation-hacked-malicious-code-inserted-into-wp-includespluginphp/#post-2945319) * Pls do not post code like this here. * These resources will help you: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * More Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) [http://www.studiopress.com/tips/wordpress-site-security.htm](http://www.studiopress.com/tips/wordpress-site-security.htm) * [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * (@tvcnet) * [13 years, 9 months ago](https://wordpress.org/support/topic/installation-hacked-malicious-code-inserted-into-wp-includespluginphp/#post-2945366) * It’s very possible your site may be extensively compromised. I recommend changing all related passwords as well. * Then I recommend you make sure all is upgraded. Sadly, nowadays it’s rare for hackers to not leave back door scripts in place (allowing hacker to hack your site again in future). * You’ll need to review every file on your website respectively to ensure none are out of place or were installed by hacker. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Installation hacked – malicious code inserted into wp-includes/plugin. php’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [malicious](https://wordpress.org/support/topic-tag/malicious/) * [plugin.php](https://wordpress.org/support/topic-tag/plugin-php/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 3 participants * Last reply from: [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * Last activity: [13 years, 9 months ago](https://wordpress.org/support/topic/installation-hacked-malicious-code-inserted-into-wp-includespluginphp/#post-2945366) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics