• jeffersonpowers

    (@jeffersonpowers)


    Wordfence recently detected and warned me about the following file in my website’s themes folder:

    habook.php

    When I investigated, I found two other suspicious files in the themes folder as well:

    conf.php
    wptheme.php

    I deleted all of them, but I was wondering if anyone else has seen anything like this?

Viewing 6 replies - 1 through 6 (of 6 total)
  • esmi

    (@esmi)

    What theme folder were these files in?

    Thread Starter jeffersonpowers

    (@jeffersonpowers)

    They weren’t in a particular theme folder, just in wp-content/themes.

    ptasker

    (@ptasker)

    I would change your FTP/SFTP password and WP Login details.

    Also, disable file editing in wp-admin by adding this to your wp-config:

    define('DISALLOW_FILE_EDIT', true);

    Sucuri also has a good plugin to scan/fix vulnerabilities like this.

    Thread Starter jeffersonpowers

    (@jeffersonpowers)

    As hacking attempts go, this one seems rather ham-fisted, as Wordfence seems to have caught it right away. However, I still want to take it seriously.

    Here’s what I’ve done:

    – Changed the hosting account FTP/SFTP password.
    – Deleted the existing WordPress install.
    – Restored the WordPress files from a backup taken before the problem.
    – Created a new database with a backup taken before the problem (rather than restoring to the existing database).
    – Deleted and re-created all the User accounts, with new passwords.

    I’m concerned about using DISALLOW_FILE_EDIT because I’m afraid it might interfere with WP Super Cache. Does anyone have any experience with this?

    Are there any other security measures anyone would recommend?

    Thanks in advance for all your help!

    I’d also change your DB password, if you can.

    I’ve used the define('DISALLOW_FILE_EDIT', true); with W3 Total Cache and had no issues. It just doesn’t allow you to edit theme files. The cache files are typically stored outside of a theme.

    Thread Starter jeffersonpowers

    (@jeffersonpowers)

    When I created the new database I gave it a new password, so no worries there. Thanks!

  • The topic ‘Suspicious files in themes folder’ is closed to new replies.
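The check discussed in this thread, as an added example that is not part of the original posts: it lists files sitting directly in wp-content/themes (rather than inside a theme's own folder), records a SHA-256 and modification time for each so they can be compared against backups or logs before deletion, and reports whether wp-config.php has an uncommented DISALLOW_FILE_EDIT define. The function names, the sample tree, and the assumption that a stock install keeps only index.php at that level are this example's own.

```python
import hashlib
import re
import sys
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: a stock install keeps only index.php directly in wp-content/themes.
EXPECTED_TOP_LEVEL = {"index.php"}
DEFINE_RE = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)

def stray_theme_files(wp_root):
    """Report regular files sitting directly in wp-content/themes."""
    findings = []
    for entry in sorted((Path(wp_root) / "wp-content" / "themes").iterdir()):
        if entry.is_file() and entry.name not in EXPECTED_TOP_LEVEL:
            findings.append({
                "name": entry.name,
                "sha256": hashlib.sha256(entry.read_bytes()).hexdigest(),
                "modified": datetime.fromtimestamp(entry.stat().st_mtime, timezone.utc).isoformat(),
            })
    return findings

def file_edit_disabled(wp_root):
    """True if wp-config.php has an uncommented define('DISALLOW_FILE_EDIT', true)."""
    config = Path(wp_root) / "wp-config.php"
    if not config.is_file():
        return False
    for line in config.read_text(errors="replace").splitlines():
        # Simple line-based comment skip; a define inside a multi-line comment body is not handled.
        if not line.lstrip().startswith(("//", "#", "*", "/*")) and DEFINE_RE.search(line):
            return True
    return False

def build_sample_tree(root):
    """Constructed sample install mirroring the thread: three stray files, one real theme folder."""
    themes = Path(root) / "wp-content" / "themes"
    (themes / "twentytwelve").mkdir(parents=True)
    (themes / "twentytwelve" / "functions.php").write_text("<?php // theme code\n")
    (themes / "index.php").write_text("<?php // Silence is golden.\n")
    for name in ("habook.php", "conf.php", "wptheme.php"):
        (themes / name).write_text("<?php // placeholder content\n")
    (Path(root) / "wp-config.php").write_text("<?php\n// define('DISALLOW_FILE_EDIT', true);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else tmp
        if root == tmp:
            build_sample_tree(tmp)  # no path given: run against the constructed sample
        for f in stray_theme_files(root):
            print(f"stray file: {f['name']}  sha256={f['sha256']}  modified={f['modified']}")
        print("DISALLOW_FILE_EDIT set:", file_edit_disabled(root))
```

Pass the WordPress root directory as the first argument to run it against a real install; with no argument it runs on the constructed sample.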