Looking at the file in question, the content of this file is:

$_GET))

Can anyone confirm whether this is an innocent file or something I need to quarantine/delete?

Also, how was this file created? It implies that remote code has the capability of creating new files in the wp-admin/ sub folder? Is there not a simple way to prevent this which would preclude any further instances?

Yes, this is a dangerous file as already mentioned by Woodley. eval() is not considered safe in production at all.

Further to verify, a quick grep "isset($_GET)" on the source files of the latest WordPress package tells that it's not part of it, hence again dangerous code.

Yes, someone is able to upload files on your server. Probably they have uploaded some kind of web-shell and can manipulate any file on your hosting account.

To prevent it in future (given that you have successfully cleaned your current WP install), you can do a few things (there are plenty of articles, so it would be redundant), but mentioning a few might not hurt here:

- Simple but effective: Change location of wp-plugin and theme folders.
- Always make sure you have the latest WordPress as well as plugins.
- Install or enable mod_security on server level.
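Added example, not part of the original thread: the answer's check (grep the stock WordPress package to see whether the code belongs to it) generalized to comparing every PHP file under wp-admin/ and wp-includes/ against a clean copy of the same WordPress release. The function names, the directory layout passed in, and the sample files are assumptions constructed for this demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

EVAL_RE = re.compile(rb"\beval\s*\(")
INPUT_RE = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\b")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(site_root, clean_root, subdirs=("wp-admin", "wp-includes")):
    """Return (relative_path, status, suspicious) for every PHP file that is
    absent from, or differs from, the clean reference tree."""
    site_root, clean_root = Path(site_root), Path(clean_root)
    findings = []
    for sub in subdirs:
        if not (site_root / sub).is_dir():
            continue
        for f in sorted((site_root / sub).rglob("*.php")):
            rel = f.relative_to(site_root)
            ref = clean_root / rel
            if not ref.is_file():
                status = "unknown"      # not shipped in the stock package
            elif sha256(f) != sha256(ref):
                status = "modified"     # shipped, but content was changed
            else:
                continue
            data = f.read_bytes()
            # eval() together with request input is the pattern from the thread
            suspicious = bool(EVAL_RE.search(data) and INPUT_RE.search(data))
            findings.append((rel.as_posix(), status, suspicious))
    return findings

def demo():
    """Audit constructed clean/site trees built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "wp-admin").mkdir(parents=True)
            (root / "wp-admin" / "index.php").write_text("<?php // stock\n")
            (root / "wp-admin" / "about.php").write_text("<?php // stock\n")
        # Constructed, inert stand-ins for files an intruder changed or added.
        (site / "wp-admin" / "about.php").write_text("<?php // stock\n// edited\n")
        (site / "wp-admin" / "extra.php").write_text(
            "<?php if (isset($_GET['k'])) { eval('/* placeholder */'); }\n")
        return audit(site, clean)

if __name__ == "__main__":
    for path, status, suspicious in demo():
        print(f"{status:8} {'EVAL+INPUT' if suspicious else '-':10} {path}")
```

Point `audit()` at the live document root and at an unpacked copy of the same WordPress version; files reported as unknown or modified are the ones to review before deleting anything.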