Remove hack files from WordPress

Remove hack files from WordPress
datum-geschreven 20 Dec 2023
Reageer! reacties

You can recognize from the names of the hack files that they are related to programming; about 50% of the hack files have a logical structure that a programmer would develop.

Some of the most common hack files:

  • test.php
  • cache.php
  • files.php
  • options.php
  • view.php
  • diff.php
  • start.php
  • plugin.php

Note: These files can also exist in WordPress, so don’t remove them solely based on their names.

How do you identify if it’s a hack file?

In about 90% of the cases, the file contains a messy jumble of code—a base64-encoded code without any logic or formatting.

code example

Where can you find these hack files on your site?

They can be found in any directory. Although the “uploads” directory is a favorite target because it’s often writable, a hacker/hackbot can place files throughout your entire website.

If you want to systematically remove the files:

First, make a backup!

You can divide your WordPress website into 5 parts:

  1. WordPress core (try to refresh it completely)
  2. The plugins directory
  3. The themes directory
  4. The uploads directory
  5. The container directories

The plugins directory

This directory should only have an index.php file and the plugins. Refresh the plugins wherever possible, or check the modification dates to find the hack files.

The themes directory

This directory should also have an index.php file and one theme. Remove the themes that you don’t use!

The uploads directory

There should be NO PHP files in this directory. You can remove any PHP file.

The container directories

The “wp-content” directory usually contains only an index.php file and the directories mentioned above (2, 3, 4).

The “languages” directory should only contain language files and no PHP files.

The “upgrade” directory is used only for temporary upgrade files and is usually empty.

In conclusion

Removing all the hack files is a significant task and requires considerable knowledge.

And that’s not even considering the lines of hack code that are injected into your existing files. You can find these by checking the modification dates, and this code is often placed above or below the original code.

The more you know, the easier it is to remove hack files.

Good luck!

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Lees meer over Solutions

Most common WordPress problems and the solutions!

Most common WordPress problems and the solutions!

Problems & solutions: InstallationI need to fill in database details, what are they?Where are my pages, and how do I set a static page...
datum-geschreven 7 Mar 2024
Reageer! reacties
Hacked website? Here’s how to fix it!

Hacked website? Here’s how to fix it!

Several ways to restore the hacked website1. A relatively easy way to temporarily restore the hacked website2. If you can program, you can correct...
datum-geschreven 5 Mar 2024
Reageer! reacties
WordPress admin no longer works, the solution!

WordPress admin no longer works, the solution!

1. Admin problem caused by Plugins2. Admin problem after changing the theme3. Admin problem after installationIf you’re still facing issues…We receive many messages stating...
datum-geschreven 2 Mar 2024
Reageer! reacties
Meer WordPress nieuws lezen? Ga naar onze nieuwspagina!

Heb je een vraag? Tip of gedachte? Deel die!

Abonneer
Breng me op de hoogte
guest
0 Reacties
Inline Feedbacks
Bekijk alle reacties