Title: Malware
Last modified: August 20, 2016

---

# Malware

 *  [mconnors](https://wordpress.org/support/users/mconnors/)
 * (@mconnors)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/)
 * Thanks to installing wordpress 3.3.1 I now have malware on my site and blacklisted
   by google. I’ve completely deleted wordpress and plugins and will look for a 
   secure alternative. Thought I would just post something here. Maybe if enough
   people complain someone will take security seriously.

Viewing 13 replies - 1 through 13 (of 13 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610184)
 * Hacks are not specific to WordPress. They happen to all kinds of sites using 
   a variety of different management systems.
 *  Thread Starter [mconnors](https://wordpress.org/support/users/mconnors/)
 * (@mconnors)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610187)
 * That maybe true, but I don’t think so. But you are right, I have no positive 
   proof so I should say: _there is a possibility_ wordpress or some plugin I was
   using in wordpress has a security exploit that infected my site with malware.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610191)
 * There are no known security issues with WordPress 3.3.1 but did you download 
   all of your plugins & your theme from a trusted source?
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610334)
 * Checking your site… [http://sitecheck.sucuri.net/results/http://morguefile.com/](http://sitecheck.sucuri.net/results/http://morguefile.com/)
 * No actual malware, but Opera seems to think it’s bad (Google says not).
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610339)
 * morguefile.com??
 *  Thread Starter [mconnors](https://wordpress.org/support/users/mconnors/)
 * (@mconnors)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610340)
 * sucuri.net isn’t finding the malware because I removed wordpress and the blog,
   then reinstalled the rest of the site. Google blacklisted me this morning.
 * Plugins:
    disqus-comment-system wptouch wp-to-twitter akismet google-analyticator
   wp-super-cache
 * The site was compromised sometime around Feb 24th 27th, they just used the exploit
   over the weekend.
 *  Thread Starter [mconnors](https://wordpress.org/support/users/mconnors/)
 * (@mconnors)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610341)
 * yes, morguefile.com
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610343)
 * > The site was compromised sometime around Feb 24th 27th, they just used the 
   > exploit over the weekend.
 * How’d you figure that the site was infiltrated then? Is that just when you installed
   WP? Do you have any server logs?
 * (And by the way, have you changed all your passwords?)
 *  Thread Starter [mconnors](https://wordpress.org/support/users/mconnors/)
 * (@mconnors)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610350)
 * Now I am wondering where the exploit is, maybe its not wordpress but its shown
   up in wordpress. I probably shouldn’t go into a lot more further details until
   I can figure it out, thanks everyone.
 *  [b747fp](https://wordpress.org/support/users/b747fp/)
 * (@b747fp)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610377)
 * I have this same issue on all of my WordPress 3.3.1 installations. Every single
   one of them on 5 different hosts have gotten “index.php” files in the main folder
   and wp-content and wp-admin injected with a malware javascript (the injected 
   code gets added before the opening <?php)
 * the only way i can stop it is to Chmod my index.php files to 444
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610401)
 * Much of the time, WordPress itself isn’t the vector, but a badly coded theme/
   plugin may be. Or your server may have an issue.
 * b747fp – If your WordPress CORE files are being changed, it’s probably a PHP 
   security issue on your server, call your webhost.
 *  [b747fp](https://wordpress.org/support/users/b747fp/)
 * (@b747fp)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610402)
 * but why would it be a PHP security issue on 5 different hosts… Godaddy, various
   Cpanel hosts, and a Plesk host… it only started happening since the 3.3.x upgrades.
   and many of them use suphp so they dont even have any 777 permissions so i doubt
   it’s a permission exploit. Godaddy has already denied any responsibility or problems
   on their end.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610404)
 * **[@b747fp](https://wordpress.org/support/users/b747fp/)**: Please post your 
   own topic.

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Malware’ is closed to new replies.

 * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
 * 13 replies
 * 4 participants
 * Last reply from: [esmi](https://wordpress.org/support/users/esmi/)
 * Last activity: [14 years, 3 months ago](https://wordpress.org/support/topic/malware-8/#post-2610404)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics