Title: Possible WordPress/plugin Vulnerability: wp-loadings.php added on root dir
Last modified: August 31, 2016

---

# Possible WordPress/plugin Vulnerability: wp-loadings.php added on root dir

 *  [panos_kar](https://wordpress.org/support/users/panos_kar/)
 * (@panos_kar)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/possible-wordpressplugin-vulnerability-wp-loadingsphp-added-on-root-dir/)
 * Recentry we discovered that our site was hacked. We are unaware which exploit
   is used in order to write files to our server root directory. I am starting this
   thread in order to find other people which had the same issue, and gain further
   insight.
 * Follows a basic description of the hack:
 * A file is uploaded to the root installation folder (wp-loadings.php) Theme file
   404.php is modified. Hack takes place when a googlebot is served a 404 page, 
   a third party page is served instead (from modified 404.php), to add backlinks
   we think.
 * Apart from that, the frontend does not seem affected.
 * A google search, shows that it has affected many other wordpress installations.
   [https://www.google.gr/webhp?q=inurl%3Awp-loadings.php](https://www.google.gr/webhp?q=inurl%3Awp-loadings.php)
 * All google links, lead to a domain like: [removed]
 * **wp-loadings.php source**
    [removed]

Viewing 1 replies (of 1 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/possible-wordpressplugin-vulnerability-wp-loadingsphp-added-on-root-dir/#post-7205229)
 * Having a file uploaded to the server is really not a unique hack. There are many
   ways to get it there, usually by either getting your hosting account details,
   compromising any other account on the server if it’s secured poorly, or pre-existing
   malware anywhere on the server.
 * Remain calm and carefully follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress).
 * If you absolutely do feel that WordPress itself was compromised, this is the 
   proper way to report it: [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/](https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/)
 * For the safety of the millions using WordPress, please don’t discuss or disclose
   security details in public.

Viewing 1 replies (of 1 total)

The topic ‘Possible WordPress/plugin Vulnerability: wp-loadings.php added on root
dir’ is closed to new replies.

## Tags

 * [exploit](https://wordpress.org/support/topic-tag/exploit/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/)
 * Last activity: [10 years, 2 months ago](https://wordpress.org/support/topic/possible-wordpressplugin-vulnerability-wp-loadingsphp-added-on-root-dir/#post-7205229)
 * Status: not a support question

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics