Manually Cleaning wp-config.php

  • I am requesting help on how to manually clean this file. See WordFence scan below. I did a reset of core WP files, but this did not fix the wp-config.php file. I am fairly comfortable editing this file using my BlueHost cpanel dashboard, but the first part of the file does not exactly match the malicious text.

    This is what the first several lines of my file currently look like:
    <?php
    /*6ad8f*/

    /*6ad8f*/
    /*d4772*/

    /*d4772*/
    /** Enable W3 Total Cache Edge Mode */
    define(‘W3TC_EDGE_MODE’, true); // Added by W3 Total Cache

    /**
    * The base configurations of the WordPress.

    Below is the message from WordFence:

    Filename: wp-config.php
    File Type: WordPress Configuration File
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: <?php\x0a/*6ad8f*/\x0a\x0a/*6ad8f*/

    The issue type is: IOC:PHP/commentMarker.8729
    Description: An Indicator of Compromise(IOC) often found in files that have been maliciously modified

    This is your main configuration file and cannot be deleted. It must be cleaned manually.

Viewing 1 replies (of 1 total)

  • I’d just reinstall my last known good config file from my last good backup.

    Rescan after that.

    You’ll probably want to install IthemeSecurity with your Wordfence… they behave well together and compliment each other.

Viewing 1 replies (of 1 total)
  • The topic ‘Manually Cleaning wp-config.php’ is closed to new replies.