• Hello
    I am using WordPress for my website on a Linux server.
    I took a backup as a zip file and downloaded it to my PC.
    Windows Defender Security Center scanned my PC and found a backdoor shell in the zip file.
    Please have a look at the screenshot:
    https://oi66.tinypic.com/21ngqhh.jpg

    Now these are my questions:
    1- Is this a mistake by Defender Security Center, and this is not a shell?
    If it is a backdoor shell…
    2- Was my server hacked and the shell uploaded to my server?
    3- Does my PC have this shell, and was it uploaded to my server automatically with other files?
    4- How can I increase WordPress security? (The best plugins)

    Regards

Viewing 1 replies (of 1 total)
  • Keep calm.
    I think 2.
    Most likely your website hosting has been hacked and they have installed a command interpreter agent (shell) there. For me the clincher is the filename “language.mo.php”; this is clearly a sneaky attempt to hide their file in such a way as to make it easily overlooked. No way is this a legitimate name.

    Now what do you do about it?
    Take your WordPress site offline by creating a file “.maintenance” in your website directory.
    Then change your passwords because this is quick. Change passwords for:
    – cPanel hosting login, FTP logins
    – MySQL database; your WordPress won’t be running for a while anyway.
    Now you have to evict the hackers. Deleting their shell is a start, but in all likelihood the first thing they did was add a 2nd backdoor.
    Since you have a site backup, you could delete ALL the files. Then go and check any other websites hosted from your account and secure them.

    There are instructions on handling a hacked site here:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked
    Other more or less relevant websites are:
    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    https://smackdown.blogsblogsblogs.com/2012/11/14/hacked-on-hostpapa-or-netregistry/
    https://ottopress.com/2009/hacked-wordpress-backdoors/

    Then once you are done you need to change all your passwords AGAIN.
    Secure your website access logs and see if they tell you anything about the attack.

  • The topic ‘backdoor shell in my wordpress website’ is closed to new replies.
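
The reply above singles out the name “language.mo.php” as the giveaway and warns that a second backdoor is likely. The following is an added example, not part of either post: a Python sketch that walks a restored site tree and flags PHP files carrying a disguising inner extension or sitting in directories that normally hold only data. The directory names are WordPress defaults; the extension list and the sample tree built in `demo()` are constructed assumptions.

```python
import os
import tempfile

# Inner extensions that should not precede ".php" in a legitimate file name
# (assumption: illustrative list, extend it for your own site).
DISGUISE_EXTS = {".mo", ".po", ".jpg", ".jpeg", ".png", ".gif", ".ico", ".css", ".txt"}
# Directories that normally hold data, not executable PHP (WordPress defaults).
DATA_DIRS = ("wp-content/uploads", "wp-content/languages")
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}

def classify(rel_path):
    """Return a list of reasons a site-relative path looks suspicious."""
    rel = rel_path.replace(os.sep, "/").lower()
    stem, ext = os.path.splitext(os.path.basename(rel))
    if ext not in PHP_EXTS:
        return []
    reasons = []
    inner = os.path.splitext(stem)[1]  # e.g. ".mo" in "language.mo.php"
    if inner in DISGUISE_EXTS:
        reasons.append(f"double extension {inner}{ext}")
    if any(rel.startswith(d + "/") or ("/" + d + "/") in rel for d in DATA_DIRS):
        reasons.append("PHP file in a data directory")
    return reasons

def scan(root):
    """Walk root and return {relative_path: reasons} for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            reasons = classify(rel)
            if reasons:
                findings[rel.replace(os.sep, "/")] = reasons
    return findings

def demo():
    """Build a constructed (empty-file) site tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("index.php", "wp-content/languages/language.mo.php",
                    "wp-content/languages/de_DE.mo", "wp-content/uploads/2019/01/logo.png",
                    "wp-content/uploads/2019/01/cache.php"):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan(root)

if __name__ == "__main__":
    for path, why in sorted(demo().items()):
        print(path, "->", "; ".join(why))
```

Hits are leads for manual review rather than verdicts, and a clean result does not rule out a backdoor added to an existing legitimate file.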