Title: Malware Code in my WordPress files Last modified: August 20, 2016 --- # Malware Code in my WordPress files * [Kapi31](https://wordpress.org/support/users/kapi31/) * (@kapi31) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/) * Hello! * Unfortunatively I’m encountering the same issue (see [http://wordpress.org/support/topic/security-problem-8?replies=7#post-2695211](http://wordpress.org/support/topic/security-problem-8?replies=7#post-2695211))… and not on 1 site, but 5. 4 are in WordPress (different version of WP). * I have local saves of my websites so I believe that I will only have to delete and replace all the files by my saved copies… even if it will be a huge work. Correct? * I have already changed my ftp access pwd. * BUT I have a question… Do you know if the virus changes the permissions on the different dir and files? * I have noticed that the virus has also added code to index.html and other html files at the root of some dir… * Other question… My antivirus has founded anything on my machine. When I have noticed an issue… I think that it was a trap… I have immediately restore the system configuration on a previous date. But should I reinstall all my system? * Many thanks for your help. Viewing 6 replies - 1 through 6 (of 6 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634744) * As you know, you’ve been hacked so give the normal reading list a look. * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * > I have local saves of my websites so I believe that I will only have to delete > and replace all the files by my saved copies… even if it will be a huge work. > Correct? * After you’ve cleared all your files with an AV scanner, yes. BUT don’t restore any files that you can get from the source such as plugins, themes, and most especially the WordPress files. * > BUT I have a question… Do you know if the virus changes the permissions on > the different dir and files? * Why chance it? Set your files and directories to the normal permissions. * [http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress](http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress) * > I have noticed that the virus has also added code to index.html and other html > files at the root of some dir… * Yep, that’s what malware scripts do. * > Other question… […] But should I reinstall all my system? * I would hesitate to accept advice for PC virus infection issues on a WordPress forum. 😉 For that, seek help elsewhere. * [kmessinger](https://wordpress.org/support/users/kmessinger/) * (@kmessinger) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634748) * > But should I reinstall all my system? * If you have a good anti-virus software you shouldn’t have to do that. Have your av do the deepest scan it can of the system. * Thread Starter [Kapi31](https://wordpress.org/support/users/kapi31/) * (@kapi31) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634755) * Hello! * Thanks for the quick reply. * I have read the “standard” recommendations. * I will then change all the pwd (MySql, admin, users…). * I was thinking to ask my ISP to restore everything on March 12th… as the issue ocurred on March… I have only detected the real problem on March 16th. It’s a professional ISP. Do you want to laugh? I don’t… 🙁 The retention is only for 24 hours!!! * On my local PC I have the full sites saved before this date… so I could manually changed everything… But there could be a human error… and it’ll be SO fastidious!!! So I believe the best thing to do is to upgrade my current WP installs to the latest one… but need to check with my ISP the version of my SQL they support. * About my AV… it’s the latest version of McAffee… but once again to be sure I’ll perform the site maintenance operations from another PC. * I have asked my ISP about the database as I have no idea if it has been affected. * Normal permissions rights… Could you remind me what they are? I know for some plugin like mailpress they should be writable… * Once again, many thanks for your support. * [kmessinger](https://wordpress.org/support/users/kmessinger/) * (@kmessinger) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634759) * [http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress](http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress) * Thread Starter [Kapi31](https://wordpress.org/support/users/kapi31/) * (@kapi31) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634844) * Hello! * I have reinstalled 3 of 5 web sites. * With the 4th I’ve got this error: * Fatal error: Call to a member function add_rewrite_tag() on a non-object in / usr/home/v2232/html/wp-includes/taxonomy.php on line 289 * Could anyone let me know how to fix this issue? * Many thanks! * Thread Starter [Kapi31](https://wordpress.org/support/users/kapi31/) * (@kapi31) * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634901) * Thanks for your help and your advices. Everything has been restored. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Malware Code in my WordPress files’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 3 participants * Last reply from: [Kapi31](https://wordpress.org/support/users/kapi31/) * Last activity: [14 years, 2 months ago](https://wordpress.org/support/topic/malware-code-in-my-wordpress-files/#post-2634901) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics