We would like to introduce you to the malware that is installed in the top directory of WordPress.
File structure of the top directory of WordPress
The file structure of the top directory of WordPress is generally as follows.
Folders
wp-admin
wp-content
wp-includes
files
.htaccess
index.php
license.txt
readme.html
wp-activate.php
wp-blog-header.php
wp-comments-post.php
wp-config.php
wp-config-sample.php
wp-cron.php
wp-links-opml.php
wp-load.php
wp-login.php
wp-mail.php
wp-settings.php
wp-signup.php
wp-trackback.php
xmlrpc.php
*In addition to the above, there are often PHP configuration files such as php.ini.
Examples of file configurations of malware-infected sites
The file structure of a case study site where the server has been tampered with and malicious files have been installed is shown below.
You can see that files such as about.php admin.php class.api.php gh.php wp-ldd.php, which should not be part of WordPress, have been installed.
If you find such PHP files that you do not remember installing, malware infection is suspected.
Malware infection can also be written into the original WordPress configuration files.
If you open one of the files, you will find the following obfuscated malware.
If there is even one piece of malware, it is possible that the malware has been installed in a deeper level of WordPress, as hackers are generally able to edit, delete, or add all of the WordPress files and folders.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
We recommend that you use the following malware scanner.
If there is more than one piece of malware that is difficult to remove, or if the malware keeps re-infecting, we recommend that you seek professional help to remove the malware.