Wp-VCD Malware in WordPress Site
What is WordPress wp-vcd Malware?
We recently saw a new type of malware infecting WordPress websites by leveraging loopholes in outdated plugins and themes. The wp-vcd malware creates backdoors in your website by adding hidden WordPress admin users. Further, some variants of the malicious codes have been seen to modify core WordPress files and also add new files in the /wp-includes directory.
For step by step guide – https://astra.sh/wp-vcd?utm_source=Yo…
1. The wp-vcd malware creates Spam URLs on the website (also referred to as URL Injection)
2. The malware creates a backdoor which allows hackers to have access to your website for extended periods
3.Hackers are able to exploit vulnerabilities in WordPress plugins & themes to upload the wp-vcd malware on vulnerable sites.
Reasons for wp-vcd Malware Hack
1. The most common reason of the hack is the use of a nulled theme – the wp-vcd malware in many cases comes pre-installed with every downloaded theme from nulled theme websites
2. If you are using outdated WordPress plugins & themes for your site.
3. No Web Application Firewall (WAF) installed to block hacking attempts made by hackers
How to clean the wp-vcd malware infection
Search for occurrences of the below files/strings on your server and examine their contents.
Run a diff check of the file contents with corresponding files in the WordPress core GitHub repository or theme/plugin directory. You can use either of the approaches (or both) using SSH or using your IDE.
Approach
1 – Search for files on the server that are usually infected with the wp-vcd hack Approach
2 – Search for string patterns that are found in infected malware files
For step by step guide on Wp-VCD Removal – https://astra.sh/wp-vcd?utm_source=Yo…
For immediate help with Malware Cleanup https://astra.sh/hack-removal
WordPress Plugins for Malware Scanning and Removing
WordPress File Manager (Free) Plugin
Known Vulnerability in All in One Migration Older version:
Most commonly affected files:
– wp-vcd.php, wp-feed.php and wp-tmp.php >> REMOVE THESE FILES
– Theme Function file: function.php >> REMOVE THE LINES BELOW
e.g. of injection:
if (isset($_REQUEST[‘action’]) && isset($_REQUEST[‘password’]) &&….
…
$div_code_name = “wp_vcd”;$funcfile = __FILE__;if(!function_exists(‘theme_temp_setup’)) …
…
}}
//$start_wp_theme_tmp
//wp_tmp
//$end_wp_theme_tmp?><?php
Watch video on how to
Leave a reply
You must login or register to add a new comment .