Title: wp-admin folder create CPR.Webshell everytime
Last modified: September 5, 2022

---

# wp-admin folder create CPR.Webshell everytime

 *  [mdnadim148](https://wordpress.org/support/users/mdnadim148/)
 * (@mdnadim148)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/wp-admin-folder-create-cpr-webshell-everytime/)
 * Hello there,
    Even if I delete everything in the wp-admin folder, there are 2 folders that
   remain inside it, and I can’t delete them. Those folders are includes and user.
   Inside those folders I find the CPR.Webshell in (class-wp.php, class-wp-media-list-data.php
   and error.php (in user folder)). But when I rename the wp-admin
   folder, those files cannot be created, and I am also easily able to delete those
   files and also the wp-admin renamed files.
 * It would be very helpful to know how it occurs and how to fix it.
 * Thanks in advance

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Aurimas](https://wordpress.org/support/users/auuurimas/)
 * (@auuurimas)
 * [3 years, 9 months ago](https://wordpress.org/support/topic/wp-admin-folder-create-cpr-webshell-everytime/#post-15979264)
 * Hi,
 * By the looks of it, it is very likely that your website is injected with malware.
   The malware clearing process may be a bit complicated, though I am sure you’d
   manage to clear it by following this guide here: [https://sucuri.net/guides/how-to-clean-hacked-wordpress/](https://sucuri.net/guides/how-to-clean-hacked-wordpress/)
 * Also, here are some handy tips to keep in mind:
 * Why WP websites get malware:
 * 1. Outdated Plugins.
   2. Outdated Themes.
   3. Unofficial themes or plugins.
   4. Outdated WordPress itself.
   5. Plugins like WP File manager and other plugins that allow reaching web files
      or databases via WP-ADMIN. Those are very vulnerable.
 * How to protect your website?
 * 1. Do not use or download themes or plugins that are Premium but Nulled for free.
   2. Always keep plugins, themes and WordPress up to date.
   3. Have a security plugin (Wordfence) installed and scan from time to time. It’s
      a FREE plugin.
   4. Do not use unpopular plugins that have only a few downloads.
   5. Use only the official wordpress.org/plugins page.
   6. If a website doesn’t require user registration, like business websites, I suggest
      using _Hide WP-Admin plugin_.
   7. If a plugin is not being used – delete it. Even if the plugin is disabled,
      it can still be used to inject malware.
    -  This reply was modified 3 years, 9 months ago by [Aurimas](https://wordpress.org/support/users/auuurimas/).
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [3 years, 9 months ago](https://wordpress.org/support/topic/wp-admin-folder-create-cpr-webshell-everytime/#post-15980225)
 * Get a fresh cup of coffee, take a deep breath and carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/).
 * If you’re unable to clean your site(s) successfully, there are reputable organizations
   that can clean your sites for you. Sucuri and Wordfence are a couple.
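
An added example, not part of any reply in this thread: one way to spot files that do not belong in `wp-admin` is to compare the directory with a known-good path-to-MD5 manifest for the same WordPress version. The manifest, the placeholder file contents, the `includes`/`user` paths (taken from the description in the question) and the function names are all constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()  # matches manifest format, not a security hash

def audit_core_tree(root, manifest, subdir="wp-admin"):
    """Compare root/subdir with a known-good manifest {relative path: md5}."""
    report = {"unexpected": [], "modified": [], "missing": []}
    seen = set()
    for dirpath, _dirs, files in os.walk(os.path.join(root, subdir)):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                report["unexpected"].append(rel)  # not listed for this release
            elif md5_of(full) != manifest[rel]:
                report["modified"].append(rel)    # listed file whose content changed
    report["missing"] = [p for p in manifest if p.startswith(subdir + "/") and p not in seen]
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_demo():
    """Constructed sample tree and manifest; all file contents are placeholders."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    clean = {
        "wp-admin/index.php": b"<?php // placeholder\n",
        "wp-admin/includes/class-wp-media-list-table.php": b"<?php // placeholder\n",
        "wp-admin/user/index.php": b"<?php // placeholder\n",
    }
    manifest = {p: hashlib.md5(c).hexdigest() for p, c in clean.items()}
    on_disk = dict(clean)
    on_disk["wp-admin/index.php"] += b"// altered after install\n"
    # The three file names reported in the thread; none is in the constructed manifest.
    for extra in ("wp-admin/includes/class-wp.php",
                  "wp-admin/includes/class-wp-media-list-data.php",
                  "wp-admin/user/error.php"):
        on_disk[extra] = b"<?php // placeholder for unknown file\n"
    for rel, content in on_disk.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root, manifest

if __name__ == "__main__":
    print(audit_core_tree(*build_demo()))
```

On a live site, WP-CLI's `wp core verify-checksums` performs this kind of comparison against the official checksums for the installed version.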


The topic ‘wp-admin folder create CPR.Webshell everytime’ is closed to new replies.

## Tags

 * [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * Last activity: [3 years, 9 months ago](https://wordpress.org/support/topic/wp-admin-folder-create-cpr-webshell-everytime/#post-15980225)
 * Status: not resolved

