How to find specific .php files and remove hacked code

  • Hello,

    Last week I posted this question and have come a long way in figuring out how to fix the hack but I still need some help.

    My hosting site Fat Cow has not been able to give me clean back up files but they did send me a scanlog of the infected files so I know which files i need to fix. But I have two issues:

    1. How do I find the specific .php file? I know how to get to the .php (Appearance>Editor) but once I’m there I dont know how to find the right file. For example how would I find the /wp-admin/customize_new.php file or a /new_backup/wp-content/themes/twentyten/loop_new.php file?

    2. Once I do find the correct files how do I know what part of the code is the hack part? I have no clean files of the original pages so I don’t know what’s been inserted and I am very new to everything about website making.

    Thanks for the help!

Viewing 2 replies - 1 through 2 (of 2 total)

  • You may wanna try Wordfence – part of the free version compares the WP core files in the repository to the WP files in your site and can let you know if there are difference.

    Also, WPyogi gave you a lot of good suggestions in your other post at:

    https://www.ads-software.com/support/topic/need-helping-removing-viagra-ad-that-is-on-every-page-of-site?replies=3#post-6628095

    the files in question: are they inside wp-content folder which mean are they part of your theme? If yes then you do need to find them and possibly replace the file with a fresh one (if you can get a fresh theme files).

    Now if they are not in wp-content folder that means you are saved. they are wp core files. Just press ctrl+A then delete don’t forget not to delete wp-content folder. I am saying ctrl+a as there may be hidden files so finding just “loop_new.php” may not solve the problem.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to find specific .php files and remove hacked code’ is closed to new replies.

Tags