Suspicious php files under public_html

  • Resolved sgabor881011

    (@sgabor881011)


    1 year, 9 months ago

    Dear Support!

    I would like to ask for your help regarding my website.

    Unfortunately, I have to do daily restore to my website from backup, as there are suspicious php files under my public_html folder (with the name of up.php and many other ones).

    I do not know why it is happening, as my Divi theme and plugins are also up-to-date, I hide my wp-login url, and when I run an extended scan with Wordfence, it says there are no virus and malware on this site.

    I have found the following article with this subject:

    https://www.getastra.com/e/malware/infections/wordpress-malware-upphp-in-wp-contentuploads-folder-which-deletes-itself

    Unfortunately it does not solve my problem as the files are under public_html and not under uploads.

    Could you please help me what should I do to get rid of these php files?

    Your help would really be appreciated.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @sgabor881011, thanks for reaching out.

    Whilst Wordfence will use its extensive database of vulnerabilities, bad IPs, signatures, and malicious files, it is possible for malicious URLs/code to be packaged in a way we haven’t seen before. If you have a copy of any of the affected files, you can by all means forward one or more to samples @ wordfence . com so that we can create a new rule if this is the case. Make sure to always remove passwords/keys/salts from anything you do send.

    They should also let you know whether a site clean is necessary to prevent the recreation of the files in future.

    Thanks,
    Peter.

    Thread Starter sgabor881011

    (@sgabor881011)

    Thank you Peter, I will send the details.

    Plugin Support wfpeter

    (@wfpeter)

    No worries! If you’re using the free version of Wordfence and have further questions in the future, by all means start up a new topic and we’ll be glad to help out any time!

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Suspicious php files under public_html’ is closed to new replies.