Wp-VCD Malware in WordPress Site

What is WordPress wp-vcd Malware?

We recently saw a new type of malware that infects WordPress websites by exploiting vulnerabilities in outdated plugins and themes. The wp-vcd malware creates backdoors in your website by adding hidden WordPress admin users. Some variants of the malicious code have also been seen modifying core WordPress files and adding new files in the /wp-includes directory.

For a step-by-step guide – https://astra.sh/wp-vcd?utm_source=Yo…

1. The wp-vcd malware creates spam URLs on the website (also referred to as URL injection).

2. The malware creates a backdoor that gives hackers access to your website for extended periods.

3. Hackers are able to exploit vulnerabilities in WordPress plugins and themes to upload the wp-vcd malware to vulnerable sites.

Reasons for wp-vcd Malware Hack

1. The most common reason for the hack is the use of a nulled theme: in many cases the wp-vcd malware comes pre-installed with every theme downloaded from nulled theme websites.

2. Outdated WordPress plugins and themes are in use on your site.

3. No Web Application Firewall (WAF) is installed to block hacking attempts.

How to clean the wp-vcd malware infection

Search for occurrences of the below files/strings on your server and examine their contents.

Run a diff check of the file contents against the corresponding files in the WordPress core GitHub repository or theme/plugin directory. You can use either of the approaches (or both), over SSH or in your IDE.

Approach 1 – Search for files on the server that are usually infected with the wp-vcd hack

Approach 2 – Search for string patterns that are found in infected malware files

For a step-by-step guide on wp-vcd removal – https://astra.sh/wp-vcd?utm_source=Yo…

For immediate help with malware cleanup – https://astra.sh/hack-removal

WordPress Plugins for Malware Scanning and Removing

WordPress File Manager (Free) Plugin

Known Vulnerability in All in One Migration Older version:

Most commonly affected files:

– wp-vcd.php, wp-feed.php and wp-tmp.php >> REMOVE THESE FILES
– Theme functions file: functions.php >> REMOVE THE LINES BELOW

Example of injection:

if (isset($_REQUEST['action']) && isset($_REQUEST['password']) &&….

$div_code_name = "wp_vcd";$funcfile      = __FILE__;if(!function_exists('theme_temp_setup')) …

}}
//$start_wp_theme_tmp
//wp_tmp
//$end_wp_theme_tmp?><?php
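
The two search approaches described above, applied to the file names and injection markers listed on this page, as an added example (not code from the original guide). The function name `scan_wp_vcd`, the output format and the marker regex are assumptions built from the sample shown here; the scan only reports paths, so each hit can be diffed against a clean copy before anything is removed.

```shell
#!/bin/sh
# Added example: read-only wp-vcd indicator scan. It reports paths and never
# deletes or edits anything, so each hit can be reviewed and diffed first.

# Approach 1: file names the page lists as commonly dropped by wp-vcd.
# Approach 2: string markers taken from the injection sample on the page.
VCD_PATTERNS='wp_vcd|theme_temp_setup|div_code_name|start_wp_theme_tmp|end_wp_theme_tmp'

# scan_wp_vcd ROOT
# Prints "FILE <path>" for a known dropper file name and "STRING <path>" for
# a PHP file containing a marker. Returns 0 = no hits, 1 = hits, 2 = bad ROOT.
scan_wp_vcd() {
    vcd_root=$1
    [ -d "$vcd_root" ] || { echo "not a directory: $vcd_root" >&2; return 2; }

    vcd_hits=$(
        find "$vcd_root" -type f \
            \( -name 'wp-vcd.php' -o -name 'wp-feed.php' -o -name 'wp-tmp.php' \) |
            while IFS= read -r f; do printf 'FILE %s\n' "$f"; done
        # grep -l lists each matching file once; legitimate files such as the
        # theme's functions.php show up here and need their injected lines cut.
        find "$vcd_root" -type f -name '*.php' \
            -exec grep -lE "$VCD_PATTERNS" {} + |
            while IFS= read -r f; do printf 'STRING %s\n' "$f"; done
    )

    if [ -z "$vcd_hits" ]; then
        return 0
    fi
    printf '%s\n' "$vcd_hits"
    return 1
}

# Stand-alone use: sh scan.sh /path/to/wordpress (path is a placeholder).
[ "$#" -eq 0 ] || scan_wp_vcd "$1"
```

A file reported under both FILE and STRING is a dropped malware file; a STRING-only hit is usually a legitimate file with injected lines.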

 
