Unwanted files (.php files) in WordPress folder in file Manager

  • I am wordpress user. I use WordPress to make websites. I am facing security reasons in wordpress. For example, I installed a WordPress to make a website. I got file manager in Cpanel with the domain name where i have installed wordpress. As I completed my website with using WordPress theme and Plug-ins, After Somedays, I see Unwanted .php extension (like whdjirth.php ) files in domain folder where WordPress had been installed in file manager of Cpanel. Due to this website get slow and File usages size increases in hosting panel. There fore I want to know that Is there any kind of tool that remove these files in one go or act as a firewall to prevent these files to create itself in file manager folder

    There fore, I request you all to share your answer about What should I do to remove them.

    • This topic was modified 2 years, 8 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not a Requests and Feedback topic
Viewing 1 replies (of 1 total)

  • The root folder of a WordPress installation should only contain the files that can be seen here in the repository: https://github.com/WordPress/WordPress

    It is good if you are aware of it, if you have something there that does not belong to it. However, this indicates to me a possible hack attack, so you should be very careful with your further actions.

    From my point of view there are three ways how this can happen:
    * Someone has access to your hosting area, e.g. via FTP, and has put these files there.
    * A plugin you are using has a security vulnerability which allowed attackers to put a file there.
    * A plugin you use puts these files there. They should not, but who knows. Which plugin is responsible is hard to find out – maybe by source code analysis, but that is tedious.

    Just for interest: have you ever looked into such a file? With the help of the source code you could possibly discover its origin. I would advise against calling the file via http because you never know what it does.

    Maybe it would also make sense to do a scan with Wordfence: https://www.wordfence.com/help/scan/

Viewing 1 replies (of 1 total)
  • The topic ‘Unwanted files (.php files) in WordPress folder in file Manager’ is closed to new replies.

Tags