Title: Malware found ioptimize.php
Last modified: February 17, 2020

---

# Malware found ioptimize.php

 *  [zettwee](https://wordpress.org/support/users/zettwee/)
 * (@zettwee)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/)
 * Hello Folks,
 * We have found a malicious plugin on several WordPress sites on several webhosts.
   
   The plugin is called ioptimization, and would allow file uploads when opened 
   directly (/wp-content/plugins/ioptimization/IOptimize.php). Luckily Wordfence
   is blocking this in our cases. It does not seem to be because of another plugin,
   as websites with different plugins had this infection and on different servers,
   so I’m afraid this is a WordPress Core exploit. This malicious plugin appeared
   4 days ago (8 Feb), all around the same time. So far, the damage has been minimal,
   but it’s more worrying this appeared in our sites in the first place. I hope 
   I posted this in the right place.
 * [malware code removed]
 * Hope this will be useful to someone
    -  This topic was modified 6 years, 4 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/).

The topic ‘Malware found ioptimize.php’ is closed to new replies.

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 7 replies
 * 5 participants
 * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * Last activity: [6 years, 3 months ago](https://wordpress.org/support/topic/malware-found-ioptimize-php/page/2/#post-12446291)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics