Remove hack files from WordPress

Remove hack files from WordPress
datum-geschreven 20 Dec 2023

You can recognize from the names of the hack files that they are related to programming; about 50% of the hack files have a logical structure that a programmer would develop.

Some of the most common hack files:

  • test.php
  • cache.php
  • files.php
  • options.php
  • view.php
  • diff.php
  • start.php
  • plugin.php

Note: These files can also exist in WordPress, so don’t remove them solely based on their names.

How do you identify if it’s a hack file?

In about 90% of the cases, the file contains a messy jumble of code—a base64-encoded code without any logic or formatting.

code example

Where can you find these hack files on your site?

They can be found in any directory. Although the “uploads” directory is a favorite target because it’s often writable, a hacker/hackbot can place files throughout your entire website.

If you want to systematically remove the files:

First, make a backup!

You can divide your WordPress website into 5 parts:

  1. WordPress core (try to refresh it completely)
  2. The plugins directory
  3. The themes directory
  4. The uploads directory
  5. The container directories

The plugins directory

This directory should only have an index.php file and the plugins. Refresh the plugins wherever possible, or check the modification dates to find the hack files.

The themes directory

This directory should also have an index.php file and one theme. Remove the themes that you don’t use!

The uploads directory

There should be NO PHP files in this directory. You can remove any PHP file.

The container directories

The “wp-content” directory usually contains only an index.php file and the directories mentioned above (2, 3, 4).

The “languages” directory should only contain language files and no PHP files.

The “upgrade” directory is used only for temporary upgrade files and is usually empty.

In conclusion

Removing all the hack files is a significant task and requires considerable knowledge.

And that’s not even considering the lines of hack code that are injected into your existing files. You can find these by checking the modification dates, and this code is often placed above or below the original code.

The more you know, the easier it is to remove hack files.

Good luck!

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties