7 {{ upvoteCount | shortNum }}
7 {{ upvoteCount | shortNum }}

Word Press Security Question

by Tamara72
6 replies
Hello Guys

I have scanning my wp sites with new word press defender security plug in and It have warned me that I have two possible malicious files found

File number one is in the flexibility theme - viz. picture 1

and file number 2 was found in the word press robot plug in - viz picture 2

Should I be worried ? If this is a some kind of pharma attack or some kind of injection - could it be spread out to the whole server or even my computer.


Thanks for your time
#press #question #security #word
  • Profile picture of the author MattGoffrey
    Compare the two files to versions that you download to your local PC. Are the files in the downloaded version? Are the files the same size? Do they have the same dates?

    If there are any variances then that would be cause for concern. Simply deleting the offending files and replacing them with the proper versions you downloaded should do the trick.
    {{ DiscussionBoard.errors[5489167].message }}
  • Profile picture of the author lukedidit
    There encrypted footer files.

    What a lot of free theme developers do is put a sponsors link in the footer of the theme and then encrypt the code so you can't remove the link to easily (if you look at your sites footer you probably have some links in there like 'buy forex' or 'rent a car').

    Sometimes by buying the theme you are then allowed to decrypt the footer and remove the sponsored link.

    If you want to do the job yourself then the following script will do it for you. You just need to paste the decoded output back into your footer.php

    eval gzinflate base64_decode Online Decode Tool
    {{ DiscussionBoard.errors[5489280].message }}
    • Profile picture of the author SamuelUherek
      Originally Posted by lukedidit View Post

      There encrypted footer files.

      What a lot of free theme developers do is put a sponsors link in the footer of the theme and then encrypt the code so you can't remove the link to easily (if you look at your sites footer you probably have some links in there like 'buy forex' or 'rent a car').

      Sometimes by buying the theme you are then allowed to decrypt the footer and remove the sponsored link.

      If you want to do the job yourself then the following script will do it for you. You just need to paste the decoded output back into your footer.php

      eval gzinflate base64_decode Online Decode Tool
      I was going to suggest the same. Try to decrypt the code and see what it says. If you see some redirects and disable, enable with IP addresses, try to search on Google if the IPs are marked as spam or not.

      And like Matt said, compare the original files with the ones you have on your website. If it doesn't match, you should worry. Sometimes just deleting it helps and sometimes it's more difficult and you have to investigate where the problem is.

      I had the same experience and after 3 days of searching and finding what was wrong I contacted my hosting provider and asked to scan fro viruses. They removed it and now it's fine.
      {{ DiscussionBoard.errors[5489608].message }}
  • Profile picture of the author hustlinsmoke
    You can have your isp scann your panel and they will catch any mailware or not there.
    {{ DiscussionBoard.errors[5489624].message }}
  • Profile picture of the author Spock1
    I'm sorry but I dunno. It does sound scary though. Take 2 virus checks and call me in the morning.
    Signature
    http://factoid.paybuddies.us
    Article Marketing on Steroids
    The end of long winded articles & minimum word quotas..Focus on what matters & promote your business with Facts!
    {{ DiscussionBoard.errors[5489643].message }}
  • Profile picture of the author Tamara72
    Thank You Guys

    Your answers really helped me.

    Tami
    {{ DiscussionBoard.errors[5497179].message }}

Trending Topics