Recently, Chinese malware (backdoor) has been spreading through WordPress. We will explain about this malware.

Characteristics of Malware

This malware has the function of a backdoor, an unauthorized entrance to the hacker’s site.
It displays a list of all files and folders on the server and allows editing of all files.

The features are

$title = '删除文件'; →Delete a file
$title = '查看/编辑 代码'; → edit a file

The malware probably originates from China, where Chinese characters such as “删除文件” are used.

How to deal with Chinese file editing backdoors?

This malware can be detected with the [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Once detected, you can delete the entire file.
Also, this malware has file scanning and file editing capabilities, which means that all files in the server (even beyond domain folders) may have been tampered with in some way via this backdoor.

We recommend that you scan all sites on your server with the aforementioned malware scanner and take the necessary security measures.