Warning from WordFence Plugin: “Backdoor:PHP/ObfuscatedInclude.6067”

  • Resolved hoofstep

    (@hoofstep)


    3 years, 9 months ago

    Yesterday I discovered this notification from the Word Fence Plugin telling me about an apparent hacking. I am posting the entire message here. My problem is, I have no idea what to do about it. Can anyone guide me to a tutorial?
    Message:
    “File appears to be malicious or unsafe: wp-config.php
    Type: File
    Issue Found February 8, 2021 2:05 am
    Critical
    Ignore

    Details

    Filename: wp-config.php
    File Type: WordPress Configuration File
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: include “\057home\062/hoo\146

    The issue type is: Backdoor:PHP/ObfuscatedInclude.6067
    Description: PHP include() statement with an obfuscated filepath.

    This is your main configuration file and cannot be deleted. It must be cleaned manually.”

    Thant’s all, thanks!

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @hoofstep and thanks for reaching out to us!

    It sounds like you may need to clean the site or at least follow the checklist here:
    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
    Make sure and get all your plugins and themes updated and update WordPress core too. If you are on an older branch (WordPress 4.x etc) because you wanted to wait before installing the latest version because of Gutenberg or a custom theme compatibility you still need the latest update in that version. Those can be found here:
    https://www.ads-software.com/download/releases/
    WordPress sometimes patches their older releases if they find a vulnerability so make sure to update your version if needed. We, of course, recommend that you update to the latest version.

    As a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure and do this.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.

    If you are unable to clean this on your own there are paid services that will do it for you. Wordfence offers one and there are others. Regardless if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.

    Thanks!

Viewing 1 replies (of 1 total)
  • The topic ‘Warning from WordFence Plugin: “Backdoor:PHP/ObfuscatedInclude.6067”’ is closed to new replies.