Title: Malware found ioptimize.php
Last modified: February 17, 2020

---

# Malware found ioptimize.php

 *  [zettwee](https://wordpress.org/support/users/zettwee/)
 * (@zettwee)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/)
 * Hello Folks,
 * We have found a malicious plugin on several WordPress sites on several webhosts.
   
   The plugin is called ioptimization, and would allow file uploads when opened 
   directly (/wp-content/plugins/ioptimization/IOptimize.php). Luckily Wordfence
   is blocking this in our cases. It does not seem to be because of another plugin,
   as websites with different plugins had this infection and on different servers,
   so I’m afraid this is a WordPress Core exploit. This malicious plugin appeared
   4 days ago (8 Feb), all around the same time. So far, the damage has been minimal,
   but it’s more worrying this appeared in our sites in the first place. I hope 
   I posted this in the right place.
 * [malware code removed]
 * Hope this will be useful to someone
    -  This topic was modified 6 years, 3 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/).

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426406)
 * Get a fresh cup of coffee, take a deep breath and carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/).
 * If you’re unable to clean your site(s) successfully, there are reputable organizations
   that can clean your sites for you. Sucuri and Wordfence are a couple.
 *  Thread Starter [zettwee](https://wordpress.org/support/users/zettwee/)
 * (@zettwee)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426421)
 * Dear Steve,
 * Did you read it at all? We don’t have any major problems with it, we are just
   trying to inform the community of a possible WordPress Core exploit.
    Also, don’t
   see a reason to remove the code (which is harmless by itself) which could help
   identify this exploit.
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426430)
 * We do not allow malware to be published here.
 *  Thread Starter [zettwee](https://wordpress.org/support/users/zettwee/)
 * (@zettwee)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426437)
 * It’s not malware on it’s own, again, did you read it at all? Or what the code
   does?
 * The main issue being that this appeared on several sites, with different plugins
   on different hosts. Something worthwhile for the WordPress dev’s to investigate,
   i’d say.
    -  This reply was modified 6 years, 3 months ago by [zettwee](https://wordpress.org/support/users/zettwee/).
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426446)
 * Please read [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#where-do-i-report-security-issues](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#where-do-i-report-security-issues)
 *  Thread Starter [zettwee](https://wordpress.org/support/users/zettwee/)
 * (@zettwee)
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/#post-12426461)
 * Thank you, should have started with that.
 * Please in the future, read what it’s actually about without simply just copy 
   pasting a ready answer please. This is highly frustrating.
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/page/2/#post-12446291)
 * As noted above, we do not discuss vulnerabilities here. This topic is now closed.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Malware found ioptimize.php’ is closed to new replies.

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 7 replies
 * 5 participants
 * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * Last activity: [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/page/2/#post-12446291)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics