Title: WordPress Hack – wp-includes/stat file Last modified: August 19, 2016 --- # WordPress Hack – wp-includes/stat file * [trinitywebhosting](https://wordpress.org/support/users/trinitywebhosting/) * (@trinitywebhosting) * [16 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hack-wp-includesstat-file/) * My customers site – [http://lookingcloser.org](http://lookingcloser.org). Continues to get hacked. Each time two files show up in wp-includes or wp-admin called stat and uploads (no extension on either). Somehow facebook and google pick up the code in these files as the cached code for the site. These files contain code that points to pharmaceutical sites, so that is what people see on facebook and google. * We’ve deleted the files 3 different times, but they always come back after a few weeks. Is there a hole we need to plug? * Thank you. Viewing 3 replies - 1 through 3 (of 3 total) * [saildude](https://wordpress.org/support/users/saildude/) * (@saildude) * [16 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hack-wp-includesstat-file/#post-1464515) * Try: * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/](http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/) * Just deleting a file does not fully clean up the mess. * [UseShots](https://wordpress.org/support/users/useshots/) * (@useshots) * [16 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hack-wp-includesstat-file/#post-1464550) * [@trinitywebhosting](https://wordpress.org/support/users/trinitywebhosting/): It looks like there are many other sites hacked on your server. I would be concerned with file permissions and isolation of individual sites. * Did you notice the owner of those _stat_ and _uploads_ file? Was it your user or web servers user? What are the permissions of _wp-includes_ and _wp-admin_ directories? * I’d like to take a look at those rogue files. Could you [contact me](http://www.unmaskparasites.com/contact/) if you still have them? * Thread Starter [trinitywebhosting](https://wordpress.org/support/users/trinitywebhosting/) * (@trinitywebhosting) * [16 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hack-wp-includesstat-file/#post-1464746) * to Useshots * We use Rackspace Cloud sites and our individual sites are isolated. Where do you see that we have many other sites hacked? I have not been receiving that type of feedback from customers. * Next time the Rogue files show up, I’ll send them on to you. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress Hack – wp-includes/stat file’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 3 participants * Last reply from: [trinitywebhosting](https://wordpress.org/support/users/trinitywebhosting/) * Last activity: [16 years, 1 month ago](https://wordpress.org/support/topic/wordpress-hack-wp-includesstat-file/#post-1464746) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics