Where to find hacked / compromised files in WordPress?
Where to find hacked / compromised files in WordPress?
WordPress is prone to hacking. To minimise the risk of your site being compromised it is important to ensure you are carrying out these 2 core tasks regularly:
- Keep WordPress software updated to the latest version / release.
- Update all WordPress plugins on a regular basis.
However, WordPress is not water tight and there are many files and folders that are viewed as weaker / less secure than others.
The biggest culprit for a site being hacked is PLUGINS. The most common place to find hacked files / scripts is in folder UPLOADS.
Site owners very rarely check the uploads folder, and with it being one of the only (consistent) public folders in a WordPress installation, it is easy pickings for hackers and makes the perfect hiding place. Especially if settings are set to organise media by month / year.
So if you are worried that your site may have been compromised, navigate to yourdomain.com/wp-content/uploads/ and start checking the folders with a fine tooth comb. Compromised files usually stand out like a sore thumb as they will be scripts such as xyz.php amongst .jpg and .png image files.
This page also gives some good advice on this subject. For more advanced users this page also provides additional useful info.
