Possible Malware?

  • Hello!

    I’ve been working on cleaning up my site’s WP, as we were hacked a few months back. Being the cautious person that I am though, I’m obviously trying to make sure I only remove malicious content. So I was hoping here would be a good place to ask around about any files that I’m not 100% certain of.

    But starting off, there’s a file I found in /wp-admin/maint called Test2.php. When visited (even by a non-logged in user) it prints out this on the page: https://prntscr.com/9trv0t

    I know it’s not a default WP file, and am 95% sure it’s malicious-related. But I just want to make sure it’s not possibly part of a plug-in, as since our site is fairly high-traffic, we can’t afford for it to suffer any down-time.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator t-p

    (@t-p)

    But starting off, there’s a file I found in /wp-admin/maint called Test2.php.

    No. It’s not a WP core file.

    But I just want to make sure it’s not possibly part of a plug-in,

    No. It cannot be related to any plugins. Files related to any plugin should be in the respective folder of that plugin.

    Also, follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter TheCockroach

    (@thecockroach)

    Thank you so much for the response, Tara. I’ll check out those guides you posted very shortly.

    Another question though, based on your response. Let’s say, that I find files that do “seem” suspicious. And they aren’t a WP core file that’s listed here , and they aren’t in a plug-in folder. Is there anything else right off that they could “potentially” be, that you’re aware of?

    I’m not the site owner, just their tech guy. And I only just recently gained access to the blog’s FTP server (finally..) so that I could get a scheduler problem fixed. So if it’s not already obvious, I AM relatively new to a WP installation. Luckily though, I’m extremely smart and pick up on things pretty quickly. So this is a learning experience for me, so to speak.

    Thank you again though, I really do appreciate your feedback, and I’ll be checking those links out shortly.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible Malware?’ is closed to new replies.