I found in my header.php this code /wp-includes/pomo/txa201501.php

  • Hello, today I found in my template in file header.php on the end this code. Please what is that? Is it virus? I replaced all content in my tremplate. But, i don’t understand, where is the problem? In my computer, bad password in wordpress, ftp password?

    Thank you!

    <?php
$tmp = "?" . strtolower($_SERVER['HTTP_USER_AGENT']);
if((strpos($tmp, 'bot') == true)){
echo '<div id="Related">
<ul>
<li><a href="/wp-includes/pomo/txo201501.php">txo201501</a></li>
<li><a href="/wp-includes/pomo/txo201502.php">txo201502</a></li>
<li><a href="/wp-includes/pomo/txo201503.php">txo201503</a></li>
<li><a href="/wp-includes/pomo/txo201504.php">txo201504</a></li>
<li><a href="/wp-includes/pomo/txo201505.php">txo201505</a></li>
<li><a href="/wp-includes/pomo/txo201506.php">txo201506</a></li>
<li><a href="/wp-includes/pomo/txo201507.php">txo201507</a></li>
<li><a href="/wp-includes/pomo/txo201508.php">txo201508</a></li>
<li><a href="/wp-includes/pomo/txo201509.php">txo201509</a></li>

<li><a href="/wp-includes/pomo/txn201501.php">txn201501</a></li>
<li><a href="/wp-includes/pomo/txn201502.php">txn201502</a></li>
<li><a href="/wp-includes/pomo/txn201503.php">txn201503</a></li>
<li><a href="/wp-includes/pomo/txn201504.php">txn201504</a></li>
<li><a href="/wp-includes/pomo/txn201505.php">txn201505</a></li>
<li><a href="/wp-includes/pomo/txn201506.php">txn201506</a></li>
<li><a href="/wp-includes/pomo/txn201507.php">txn201507</a></li>
<li><a href="/wp-includes/pomo/txn201508.php">txn201508</a></li>
<li><a href="/wp-includes/pomo/txn201509.php">txn201509</a></li>

<li><a href="/wp-includes/pomo/txj201501.php">txj201501</a></li>
<li><a href="/wp-includes/pomo/txj201502.php">txj201502</a></li>
<li><a href="/wp-includes/pomo/txj201503.php">txj201503</a></li>
<li><a href="/wp-includes/pomo/txj201504.php">txj201504</a></li>
<li><a href="/wp-includes/pomo/txj201505.php">txj201505</a></li>
<li><a href="/wp-includes/pomo/txj201506.php">txj201506</a></li>
<li><a href="/wp-includes/pomo/txj201507.php">txj201507</a></li>
<li><a href="/wp-includes/pomo/txj201508.php">txj201508</a></li>
<li><a href="/wp-includes/pomo/txj201509.php">txj201509</a></li>

<li><a href="/wp-includes/pomo/txa201501.php">txa201501</a></li>
<li><a href="/wp-includes/pomo/txa201502.php">txa201502</a></li>
<li><a href="/wp-includes/pomo/txa201503.php">txa201503</a></li>
<li><a href="/wp-includes/pomo/txa201504.php">txa201504</a></li>
<li><a href="/wp-includes/pomo/txa201505.php">txa201505</a></li>
<li><a href="/wp-includes/pomo/txa201506.php">txa201506</a></li>
<li><a href="/wp-includes/pomo/txa201507.php">txa201507</a></li>
<li><a href="/wp-includes/pomo/txa201508.php">txa201508</a></li>
<li><a href="/wp-includes/pomo/txa201509.php">txa201509</a></li>
</ul></div>';
}
?>
Viewing 4 replies - 1 through 4 (of 4 total)

  • It could have a bad password, a compromised plugin, FTP, something beyond your control and on the hosting side.

    The best next steps are change all your passwords related to the site and make sure WordPress and all plugins and your theme is up to date. Then just keep an eye to see if anything like this returns.

    Thread Starter modehnal

    (@modehnal)

    Thank You! I haven’t any plugins. Today I deleted two users and I changed admin password. But I don’t now. Can I change FTP password, or no?

    Thanks a lot!

    You should probably change it yes – you should be able to do that through your web hosting control panel. If you have issues doing that, contact your web host who should be able to help you.

    Thread Starter modehnal

    (@modehnal)

    Super! Thank You Patrick!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘I found in my header.php this code /wp-includes/pomo/txa201501.php’ is closed to new replies.