Thread Starter
qut1
(@qut1)
You can see the problem in front here : https://i.postimg.cc/7Dn5Sw-nw/wtf.jpg
Thread Starter
qut1
(@qut1)
Ok I deleted many lines in all fonctions.php, seems to be okay now. Many thx to this plugin !
Hi @qut1,
sorry for the late reply, but yes, this looks like malware.
In general all file functions are suspicious and need to be checked but the line with code.php from an external server is definitely not okay. And there is no file in /wp-includes/wp-tmp.php – if there is one, this is not from WP.
I recommend checking the whole webspace and get through this list:
FAQ My site was hacked
Good luck!
All the best,
Torsten
Thread Starter
qut1
(@qut1)
Hello @zodiac1978 !
Thank you very much for your help, I have identified and deleted 3 files in wp-includes which was too much compared to my other wordpress installations :
– wp-feed.php
– wp-tmp.php
– wp-vcd.php
Now in I have 188 files and 18 folders for a size of 5,930,846 bytes in wp-includes (filezilla)
Again thx to you and your work. 🙂
Hi @qut1,
I recommend doing more checks, like integrity checking with Site Health (under tools):
https://de.ww.wp.xz.cn/plugins/health-check/
Because this the first one is just for WP core you can check the integrity of your theme and plugins with this plugin:
https://de.ww.wp.xz.cn/plugins/wp-cerber/
The best solution is to restore a backup from before the hack. If this is not possible you can remove WP core (be careful wp-config.php should stay and the /wp-content-folder too). These must be checked manually. But the rest should be replaced with fresh downloaded files.
All the best
Torsten
