Divi WordPress Theme
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress fix wp-admin.php probably hacking

Discussion in 'Misc WordPress Requests' started by christiancannata, Feb 27, 2018.

  1. christiancannata


    wp-admin.php probably hacking, by christiancannata

    Hi guys, every night some files in my wordpress folders are modified with 4 code rows on the top of the files, and an original file is copied as (example: admin-ajax.php.backup)

    The code is here:

    <?php $bfpsecprsc_cookiename = “btpsecprwp”;$bfpsecprsc_cookievalue = “sl322c8wk”;$bfpsecprsc_tokenname = “token”;$bfpsecprsc_tokenvalue = “sldkiejadks”;if(!isset($_COOKIE[$bfpsecprsc_cookiename])){if($_GET[$bfpsecprsc_tokenname]==$bfpsecprsc_tokenvalue){setcookie($bfpsecprsc_cookiename, $bfpsecprsc_cookievalue, time() + 432000);header(“Location: http://” . $_SERVER[‘SERVER_NAME’] . $_SERVER[‘SCRIPT_NAME’] . “?” . str_replace($bfpsecprsc_tokenname . “=” . $bfpsecprsc_tokenvalue . “&”, “”, $_SERVER[‘QUERY_STRING’]));return;}header(“HTTP/1.0 404 Not Found”);$bfpsecprsc_redirecturl = “http://” . $_SERVER[‘SERVER_NAME’] . $_SERVER[‘SCRIPT_NAME’] . “?” . $bfpsecprsc_tokenname . “=” . $bfpsecprsc_tokenvalue . “&” . $_SERVER[‘QUERY_STRING’];$bfpsecprsc_redirecthtml = “<!DOCTYPE HTML PUBLIC \”-//IETF//DTD HTML 2.0//EN\”>\n<html>\n<head>\n<title>…</title>\n<meta http-equiv=\”refresh\” content=\”2;url=” . $bfpsecprsc_redirecturl . “\”></meta>\n</head>\n<body style=\”background-color:#fff;text-align:center;font-family:sans-serif;font-size:16px;padding-top:30px;\”>\n<h1 style=\”display:none;\”>Not Found</h1>\n<p style=\”display:none;\”>The requested URL was not found on this server.</p><p style=\”font-size:20px;margin-bottom:15px;\”>Caricamento in corso…</p><p>Se la pagina non viene caricata entro pochi secondi, assicurati di avere i cookies abilitati, quindi prova a ricaricare la pagina.</p>\n</body>\n</html>”;echo ($bfpsecprsc_redirecthtml);return;} ?>

    I have Sucuri Plugin, Backdoor scanner and antimalware, setted permission only read and no write but every night at 2:00 are modified, can someone help me?

    wp-admin.php probably hacking

Share This Page

Monarch Social Sharing Plugin