Security issues created to WordPress installation

Received this warning in Google Chrome last night when i tried to open my website jogindernagar.com built in WordPress.

Warning: Something's Not Right Here!
www.jogindernagar.com contains malware. Your computer might catch a virus if you visit this site.

I immidiately tried some anti-virus and security plugins and found a reference to some non-familiar files on my server. (I stil wonder how were these files placed on my server.). The scan results showed reference to a non familiar file named wp-includes/wp-var.php. The php file ran an eval() script as shown below:

I visited Google Webmaster Tool for more information and found 4 references to URL with malware. Here’s one:

Obviously, the wp-count.php was another php file created to support the malware. I did another manual comparison on WordPress files and found more non-wordpress files having eval() and un-friendly php code in them.

I thought this information may be helpful for someone trying to remove the similar malware infection and code injection breaches.

Complete list of malware files found on my server:
wp-includes/wp-var.php
wp-count.php
wp-apps.php
wp-register.php

Some helpful Security, Antivirus and Scanning plugins for WordPress:

Wordfence Security (it fixed all my issues)
Better WP Security
WP Security Scan
AntiVirus

I am submitting a review request to Google right now. Let’s hope everything is fine now.

Leave a Reply

Your email address will not be published. Required fields are marked *