Title: plugin with possible backdoor
Last modified: February 25, 2025

---

# plugin with possible backdoor

 *  [ryanvl](https://wordpress.org/support/users/ryanvl/)
 * (@ryanvl)
 * [1 year, 3 months ago](https://wordpress.org/support/topic/plugin-with-possible-backdoor/)
 * I am contacting you because all my sites have been infected, and they all use
   the current version of the codekit. Malware started creating .php files, installing
   plugins and themes on all of them. I cleaned everything except removing the plugin,
   until I decided to remove the plugin and the problem was solved. I tried to reinstall
   it and the attack came back again. So I am sure that the plugin has some vulnerability
   that is not known at the moment, and that it is serving as a backdoor.

Viewing 1 replies (of 1 total)

 *  Plugin Author [Bilal TAS](https://wordpress.org/support/users/bilaltas/)
 * (@bilaltas)
 * [1 year, 3 months ago](https://wordpress.org/support/topic/plugin-with-possible-backdoor/#post-18326948)
 * Hi [@ryanvl](https://wordpress.org/support/users/ryanvl/), thank you for informing.
   Let me ask a few questions to investigate:
    1. Is there any infected Custom Functions created by CodeKit? Can you please check
       all the .php files in /wp-content/custom_codes/ folder? If so, once the plugin
       is activated, they are becoming active and starts executing harmful codes from
       there. An attacker may use this method to execute a malicious code if they gained
       admin access.
    2. Which version of CodeKit you noticed the malicious action on?

Viewing 1 replies (of 1 total)

The topic ‘plugin with possible backdoor’ is closed to new replies.

 * ![](https://ps.w.org/custom-codes/assets/icon.svg?rev=2536106)
 * [CodeKit - Custom Codes Editor](https://wordpress.org/plugins/custom-codes/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/custom-codes/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/custom-codes/)
 * [Active Topics](https://wordpress.org/support/plugin/custom-codes/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/custom-codes/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/custom-codes/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Bilal TAS](https://wordpress.org/support/users/bilaltas/)
 * Last activity: [1 year, 3 months ago](https://wordpress.org/support/topic/plugin-with-possible-backdoor/#post-18326948)
 * Status: not resolved