Recently, Chinese malware (backdoor) has been spreading through WordPress. We will explain about this malware.

Characteristics of Malware

This malware has the function of a backdoor, an unauthorized entrance to the hacker’s site.
It displays a list of all files and folders on the server and allows editing of all files.

The features are

$title = '删除文件'; →Delete a file
$title = '查看/编辑 代码'; → edit a file

The malware probably originates from China, where Chinese characters such as “删除文件” are used.

How to deal with Chinese file editing backdoors?

This malware can be detected with the [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Once detected, you can delete the entire file.
Also, this malware has file scanning and file editing capabilities, which means that all files in the server (even beyond domain folders) may have been tampered with in some way via this backdoor.

We recommend that you scan all sites on your server with the aforementioned malware scanner and take the necessary security measures.

Related Posts:

  1. It is dangerous to get rid of WordPress malware infected sites one by one!
    If you have multiple WordPress sites on multiple domains under a single contract, and it is clear that several of them are infected with malware (tampered with), it may be dangerous to repair them one by one....
  2. Small.php malware proliferating in various WordPress servers
    We will explain about small.php, a malware that has been expanding recently....
  3. What to do when multiple (or all) sites on a single server are infected with malware
    We are seeing an increasing number of cases of multiple WordPress sites on multiple domains within a single server, all or many of which are infected with malware (viruses and tampering)....
  4. What to do if you have multiple WordPress sites on your server and find that they are infected with malware
    If you have multiple WordPress sites on your server and find that they are infected with malware, here is what to do....
  5. What are the strongest permissions to prevent malware infection in WordPress?
    We will introduce the strongest file write permissions (permissions) to prevent malware infection in cases such as repeated malware infections in WordPress....
  6. How to find hidden malware (tampering) in WordPress
    If WordPress redirects you to a different site or disables some features of the administration panel, you may have been infected with malware. In this case, if the malware has been removed and the site keeps re-infecting itself, it is possible that a backdoor, or malicious program, remains somewhere on the site....