Title: is class-wp-theme-edit.php a valid file? Last modified: August 20, 2016 --- # is class-wp-theme-edit.php a valid file? * [theMezz](https://wordpress.org/support/users/themezz/) * (@themezz) * [14 years, 5 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/) * is class-wp-theme-edit.php a valid wordpress file? I am showing a BACKDOOR in this file. I just downloaded a new zip of WP and it does NOT seem to include the file called class-wp-theme-edit.php * Should I remove class-wp-theme-edit.php?? Viewing 7 replies - 1 through 7 (of 7 total) * [Christine Rondeau](https://wordpress.org/support/users/crondeau/) * (@crondeau) * [14 years, 5 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483537) * I would delete it (make a backup first) and see what happens. * [squidly1](https://wordpress.org/support/users/squidly1/) * (@squidly1) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483887) * While I was deployed (and did not have access to my blogs to maintain them or update my installations), someone took advantage of my old installs – and thanks to some quirk/vulnerability with PHP uploaded the file you mentioned to some of my blogs. It *is* a bit of malware and it does allow an attacker a fair amount of control over your blog and possibly over your SQL database. Deleting it will not affect your blog. It’s not very sophisticated (so far as I can see atm), so deleting the file do nothing more than minimize control over your blog. But, you will need to update your installations to help minimize a successful re-exploitation. * I am working on researching the limits of the infection and rooting out all the possible changes someone might have done to my accounts. Sadly, my attack occurred in mid and late October 2011 and my host logs only go back two months, so I am at a loss at tracing back who might have done it. * You should know that there are are probably other files that have been uploaded as well – all of them are obfuscated files (.GIFs, .JPGs, other PHPs – and should have the same date as that initial class-wp-theme-edit.php file). None of the legit WordPress files are obfuscated (ie: have large sections of HEX encoding), they are pretty much clear text. * Thread Starter [theMezz](https://wordpress.org/support/users/themezz/) * (@themezz) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483888) * I have detected Backdoor:PHP/Seqangle.A a few times in my class-wp-theme-edit. php file on both my installations of WordPress. * I use strong passwords, keep WP up to date, removed un-used plug-in’s, and removed un-used themes. * Questions * 1) What else can I do a sa preventative * 2) What is class-wp-theme-edit.php suppose do. I erased it, but that has to effect something at sometime. * Thread Starter [theMezz](https://wordpress.org/support/users/themezz/) * (@themezz) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483889) * Does anyone know if that file belongs to wordpress? * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483890) * What folder is that file in? * Thread Starter [theMezz](https://wordpress.org/support/users/themezz/) * (@themezz) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483891) * wp-admin\includes\class-wp-theme-edit.php * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483892) * It’s not in 3.3.1 * If it’s a hack file, then it definitely looks to be targeted at WP specifically. Can you send an email with the details to security [at] wordpress.org. Please include as much detail as you can. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘is class-wp-theme-edit.php a valid file?’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 7 replies * 4 participants * Last reply from: [esmi](https://wordpress.org/support/users/esmi/) * Last activity: [14 years, 3 months ago](https://wordpress.org/support/topic/is-class-wp-theme-editphp-a-valid-file/#post-2483892) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics