WordPress core file modified: XXX

@yi1zhao Please do not post malware code in these forums.

WordPress does not have an abc.php files. Your site is compromised and needs to be deloused.

Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

abc.php is just an example. hundreds of files have been affected.

I read over the guide but the suggestions are very high level. I’m hope someone has had similar problem and knows what type of hack this is.

Let me know if I need to provide additional info to diagnose the problem.

Hi,

You can click the Wordfence menu to view the scan results — in the list of results that shows all of the modified files, look for the ones first that have a link that can be used to replace the file with the original. Click those links to fix the affected files.

After those are all done, you can run another scan and see what still appears. Some files may only have an option to delete them — be careful in what you delete, and be sure to have a backup of the site, or at least any files that you remove, in case you remove something important.

We have a guide for cleaning hacked sites here which may also help:
How to clean a hacked website

There are some parts of the guide that you may not be able to do, depending on the type of access you have to your site, but the sections on enabling additional Wordfence scans can help.

-Matt R