Title: Malicious PHP files
Last modified: January 12, 2021

---

# Malicious PHP files

 *  [ACEuser](https://wordpress.org/support/users/aceuser/)
 * (@aceuser)
 * [5 years, 5 months ago](https://wordpress.org/support/topic/malicious-php-files/)
 * So yesterday, my website got a malicious php file and the wp-load.php file was
   modified. This is the file added to one of the theme folders:
 * **contt-logos.php**
 * All of my plugins and WordPress Core are up to date. This morning, the same file
   showed up again, and the wp-load.php got modified with a string again. I’m reporting
   this here in case this may be a vulnerability within the core, but I don’t know
   what the problem is.

Viewing 1 replies (of 1 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [5 years, 5 months ago](https://wordpress.org/support/topic/malicious-php-files/#post-13897831)
 * Get a fresh cup of coffee, take a deep breath and carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/).
 * If you’re unable to clean your site(s) successfully, there are reputable organizations
   that can clean your sites for you. Sucuri and Wordfence are a couple.

Viewing 1 replies (of 1 total)

The topic ‘Malicious PHP files’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * Last activity: [5 years, 5 months ago](https://wordpress.org/support/topic/malicious-php-files/#post-13897831)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics