What to fix after possible hack

  • Hi,

    I’m sure this topic has been covered dozens of times, but–I’m quite sure a client of mine had one of his sites hacked and after doing regular security scans, we come up with nearly 200 potentially malicious files. I’ve been in touch with others about what to do and how to clean up, replace, delete etc. but I’ve only gotten so far.

    One immediate question I have is: should there be ANY .php files in my uploads folder? If not, am I safe to delete?

    Thanks in advance for your responses

    Dane

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter thedaner

    (@thedaner)

    Will read this, thanks. One thing I immediately did was install a security plug-in and it does regular scans for malware, hack attempts, etc. From that scan I found the malicious files–it’s at this point that I need to know what to do with the files without disabling the site.

    Moderator James Huff

    (@macmanx)

    Make sure you find the attack vector too, following the guide, otherwise they’ll just do it again.

    Thread Starter thedaner

    (@thedaner)

    Looking over the guide, which is very helpful. However, is there an answer to my question about php files in my uploads folder? Should they be there?

    Moderator James Huff

    (@macmanx)

    Only if a plugin put them there. WordPress itself doesn’t put any .php files in the uploads folder.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘What to fix after possible hack’ is closed to new replies.