Malicious File in Update?

The credits.php file in my installation is 4744 bytes long. What’s the size of yours?

The credits.php file is reported as 14,676 bytes. It is dated as Dec. 20 (year not shown).

Should I overwrite this file with one the size you’ve shown? If so, I’ll try to find the file in a backup.

Thanks,
-Jack

Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Thanks, Steve.

A few minutes ago I received another email from my web hosting firm. Included was a list of about 5o files which they had changed permissions on to restrict access to them. The stated reason was that they appear to have been uploaded by others. Since my WordPress site had just been automatically updated, that would make sense. The question at this point is whether the site was hacked, or if this upgrade triggered a false alarm.

It looks like I have a lot of work to do to make sure things are in order.

-Jack

Install WordFence and run a scan of your site (after checking all of the scan options).

Aaaarrrrrgh! I’m afraid that I’m too late. I can’t even get into my website now….a number of permission errors and a fatal error.

I have the gut feeling that I’m going to have to reinstall everything from scratch now ??

-Jack

I think you’re hacked. Follow the instructions above and you probably won’t lose any data.

I’ve reinstalled everything from scratch, and the site seems to be working properly. Changed every password I could find. Tomorrow I’ll start looking at some plug-ins to help harden the site.

Thanks for your suggestions.

-Jack