Identified Exploit for WordPress admin-ajax.php

  • I am having many sites on my server show up in scans with the following upload file exploiting /public_html/wp-admin/admin-ajax.php and placing this compressed file:
    .sp3ctra_XO.php

    I can’t find anything about how to fix this exploit (assuming it isn’t a false positive).

    How would I protect against or harden my site against this exploit?

Viewing 1 replies (of 1 total)

  • Hello Frank @fivemcclungs,

    I am sorry, but your sites have been compromised already. There is no general solution that you can apply to get rid of this hack without finding its culprit.

    Your websites are hacked, and without knowing the reason, you can not fix them.

    Your only chance is to follow all the steps mentioned in the link below and install a security plugin like WordFence or another popular one to help you find the security hole: https://www.ads-software.com/support/article/hardening-wordpress/.

    My advice: If these sites are essential for your business, hire a WordPress pro to close the issue.

    If the sites are not critical for your business, set them up from scratch and follow all the above advice from the link above to prevent such an attack.

Viewing 1 replies (of 1 total)
  • The topic ‘Identified Exploit for WordPress admin-ajax.php’ is closed to new replies.