• Resolved animaag

    (@animaag)


    I installed the Wordfence security plugin after my website using Hestia had its URLs redirected to spam websites. After I scanned my website with the plugin, it detected that header.php is a malicious file with backdoor activity. Can anybody verify if it’s a false positive or something I should worry about?

    Filename: wp-content/themes/hestia/header.php
    File Type: Not a core, theme, or plugin file from www.remarpro.com.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php error_reporting(0);ini_set('display_errors', 0); if(isset($_POST['m']) && md5($_POST['m']) == "8b83a84918c63d1e9b9ab82e07e20539"

    The issue type is: Backdoor:PHP/md5.8299
    Description: Simple md5 password protection. Often used in backdoors.

    Any insight regarding this is highly appreciated.

    • This topic was modified 4 years, 3 months ago by animaag. Reason: type in header
Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi @animaag,

    The code that was found in header.php is not the default Hestia theme code, so that file was either modified by someone or hacked. The default header.php file can be checked here: https://github.com/Codeinwp/hestia/blob/master/header.php

    You can also update the theme to the latest version if that’s not done yet, and the theme files should be overwritten if you aren’t using a child theme. You can also change the content of the file manually.

    I hope this helps!

    Thread Starter animaag

    (@animaag)

    Thank you for your reply! I was indeed hacked and have solved the issue as of now.

  • The topic ‘Wordfence shows Hestia header.php as malicious file’ is closed to new replies.
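
The Wordfence signature quoted in the opening post matches a request parameter whose md5() is compared with a hard-coded digest. As an added example (not part of the thread and not Wordfence's own rule), this Python scanner flags that pattern in PHP source; the regex, the name find_md5_gates and the sample files with their placeholder hash are assumptions constructed for illustration.

```python
import re

# Request superglobals that a remote client controls directly.
_SRC = r"\$_(?:POST|GET|REQUEST|COOKIE)\s*\[\s*[^\]]+\]"
# md5() applied to one of those values.
_MD5_CALL = r"md5\s*\(\s*" + _SRC + r"\s*\)"
# A quoted 32-hex-digit literal. Typographic quotes are accepted too,
# because forum and CMS software often rewrites quotes in pasted code.
_HASH = r"[\"'“”‘’][0-9a-fA-F]{32}[\"'“”‘’]"
_CMP = r"\s*(?:===?|!==?)\s*"
# Either operand order: md5(input) == "digest" or "digest" == md5(input).
MD5_GATE = re.compile(
    "(?:" + _MD5_CALL + _CMP + _HASH + ")|(?:" + _HASH + _CMP + _MD5_CALL + ")",
    re.IGNORECASE,
)


def find_md5_gates(php_source):
    """Return (line_number, matched_text) for each md5 password gate found."""
    hits = []
    for m in MD5_GATE.finditer(php_source):
        line_no = php_source.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0)))
    return hits


# Constructed samples; the digest is a placeholder, not a value from the thread.
SAMPLE_MODIFIED = '''<?php error_reporting(0);ini_set('display_errors', 0);
if(isset($_POST['m']) && md5($_POST['m']) == "00000000000000000000000000000000") { /* ... */ }
?>
<!DOCTYPE html>
'''
SAMPLE_CLEAN = '''<?php
// Hashing a request value without comparing it to a fixed digest is not a gate.
$cache_key = md5($_POST['email']);
?>
<!DOCTYPE html>
'''

if __name__ == "__main__":
    for name, src in (("modified", SAMPLE_MODIFIED), ("clean", SAMPLE_CLEAN)):
        for line_no, text in find_md5_gates(src):
            print(f"{name}: line {line_no}: {text}")
```

A hit is a reason to compare the file with the theme's published copy, as the reply above suggests; a clean result does not prove a file is unmodified.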