Recent common places to find malicious hack scripts in WordPress
If your WordPress website has been hacked and you find a malicious file hidden away in the depths of your domain directory, the chances are there are other malicious files in other directories.
Sometimes when you find a script and remove it you think that is the end of it, only to continue to have problems such as mail spam from your server or compromised web pages promoting hyperlinks or malware downloads. This means there are other files hidden and possibliy a backdoor script allowing easy re-access to your server.
The best thing to do is:
- Seek help of a developer or someone experienced in this field.
- Run a Maldat server scan on your entire root directory to find malicious scripts.
- Check the following directories and files for some common (recently used) hacker scripts:
- Note – although these files have different names, they all contain the same malicious script code. Remove them from your server completely.