maanushah

I installed and ran the wordfence plugin and it gave me a few (aprox. 8) red crosses error messages. It seems the site has been compromised?

Example of one:
File appears to be malicious: wp-admin/admin-media.php
Filename: wp-admin/admin-media.php
File type: Not a core, theme or plugin file.
Issue first detected: 1 hour 42 mins ago.
Severity: Critical
Status New
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “.$ines[‘0’] . $judges[‘5’]. $ines[‘2’] .$binuclear. $blistering[‘7’] .$blistering[‘7’].$judges[‘7’]”. The infection type is: Backdoor:PHP/qhkh.A.

Listing a few more below:

Filename: wp-admin/includes/class-wp-locale.php
Filename: wp-content/themes/flashnews/cache/external_742cf0fb7a89f413420fc73654b0802a.php
Filename: wp-content/themes/flashnews/cache/external_df2af4fb2d2bbefd0b35f159c527d75e.php
Filename: wp-content/themes/flashnews/entry-nav.php

Filename: wp-content/themes/flashnews/functions.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “$m = get_option(‘_descriptioncharset2’))) {\x0d\x0a\x09\x09\x09return $p;\x0d\x0a\x09\x09}\x0d\x0a\x09\x09list($m, $n) = @unserialize(trim(strrev($m”. The infection type is: Backdoor:PHP/strrev.A.

The author was created a couple of years ago. Should I go ahead and delete the author?

Here is the link: https://goo.gl/AAOgQt

The first post on the home page is one of those spam posts.

Thanks!

• This reply was modified 7 years, 10 months ago by maanushah.