Modified wp-load.php file keeps getting re-modified – Urgent help needed

  • Resolved andypp

    (@andypp)


    10 months, 2 weeks ago

    Hello,
    I’m in urgent need of your assistance regarding a potential security compromise on my WordPress site. Wordfence detected a suspicious modification to the core wp-load.php file.

    Here are the details:
    Original file:

    wp_die($die, __(‘WordPress ? Error’ ));
    }

    Modified version:

    wp_die($die, __(‘WordPress ? Error’ ));
    }
    if (function_exists(‘current_user_can’)) {
    if (!current_user_can(‘publish_posts’)) {
    $wtwaf = dirname(FILE) . ‘/_include_8qY7ycTkS786Pt04fLKacbHBNlzoLCvD3CtjQ1YwekDkP0zsGN4VXZpNMB4l7NZS.waf.php’;
    if (file_exists($wtwaf) && is_readable($wtwaf)) {
    @include_once($wtwaf);
    }
    unset($wtwaf);
    }
    }

    I immediately restored the original wp-load.php. However, on the next Wordfence scan, the file was modified again!
    This is extremely concerning. Any help from the experts here is greatly appreciated. Thank you!

    • This topic was modified 10 months, 2 weeks ago by andypp.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter andypp

    (@andypp)

    After further investigation, I realized that the modifications were being made by WebTotem, which is a security application installed on my Plesk server.

    Unless WebTotem’s support advises otherwise or the Wordfence experts caution against it, I am considering allowing these modifications as a WordPress allowlisted exception in Wordfence.
    Please let me know if you have any other recommendations, thanks.

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @andypp,

    Thanks for keeping us updated!  If you’re sure the additional modifications are coming from WebTotem, you can ignore the result.  You can exclude it from future scan results in Wordfence > Scan by selecting Ignore > Ignore Until File Changes next to the result.  This will ignore the file until further modifications are detected.  It will then be listed under Ignored Results on your Scan page.

    Thanks,
    Margaret

    Thread Starter andypp

    (@andypp)

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Modified wp-load.php file keeps getting re-modified – Urgent help needed’ is closed to new replies.