Title: wp-pass.php – wp-register.php hack vulnerability? Last modified: August 20, 2016 --- # wp-pass.php – wp-register.php hack vulnerability? * [AlisonMooreSmith](https://wordpress.org/support/users/alisonmooresmith/) * (@alisonmooresmith) * [13 years, 7 months ago](https://wordpress.org/support/topic/wp-passphp-wp-registerphp-hack-vulnerability/) * [My site has been hacked twice](http://wordpress.org/support/topic/site-hacked-multiple-times?replies=6) in the past month. HostGator informed me of this problem. In trying to work through this, I was given some info by a support person at WPMUDev (the creators of a number of plugins I use) on my multisite. * I can’t understand his responses and he seems not to understand my actual questions, so I’m hoping for a second opinion and or a different perspective so that I can work through this. * The support person said that two files in my install (wp-pass.php and wp-register. php) are old files that were “injected into [my] WordPress installation” and “ are causing a security breach with unauthorized signups.” * He said that they do not exist in current WordPress installs (I am using the current version of WordPress, but they are still there) but that I can’t just delete them because “the perpetrators will just turn around and replace them getting past the current version of WordPress.” * Instead, he said that I need to set the permissions of those two files to 0 “ so they cannot be overwritten and are rendered absolutely useless.” * (1) I followed his advice and the site was again hacked this week. * (2) If removed files can be replaced by someone else, then someone else has access to my root file. How does changing permissions on two files help if someone can create files in my root folder? Viewing 1 replies (of 1 total) * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [13 years, 7 months ago](https://wordpress.org/support/topic/wp-passphp-wp-registerphp-hack-vulnerability/#post-3147480) * You need to follow the advice in [your previous topic](http://wordpress.org/support/topic/site-hacked-multiple-times?replies=6). Viewing 1 replies (of 1 total) The topic ‘wp-pass.php – wp-register.php hack vulnerability?’ is closed to new replies. ## Tags * [wp-pass](https://wordpress.org/support/topic-tag/wp-pass/) * [wp-register](https://wordpress.org/support/topic-tag/wp-register/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 1 reply * 2 participants * Last reply from: [esmi](https://wordpress.org/support/users/esmi/) * Last activity: [13 years, 7 months ago](https://wordpress.org/support/topic/wp-passphp-wp-registerphp-hack-vulnerability/#post-3147480) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics