Skip to content
Another attack on wordpress 4.8
PHP JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.htaccess
LICENSE
README.md
class.wp.php
functions.php
jquery-Hyena-2.1.js
jquery.fancybox.js
jquery.validate.js
jquery.validate.min.js
jquery.waypoints.min.js
post.php
wp-tmp.php
wp-vcd.php

README.md

wordpress-wp-vcd-malware-attack-solution

Another attack on wordpress 4.8

Visit : Medium ,
Check out the guidelines and Remove above mentioned files to make your wordpress safe.

Let me know, If you find anything suspicious in your wordpress.
If you think, your wordpress is now secure, Please click on Clap button on Medium.

Update 1 :

How it spreads?

The first thing to understand how to defeat an enemy is to understand it. The cause of WP-VCD attack is a nulled theme or a nulled plugin. Inside the plugin installation file many times is present this directive:

<?php if (file_exists(dirname(__FILE__) . '/class.plugin-modules.php')) 
  include_once(dirname(__FILE__) . '/class.plugin-modules.php'); ?>
<?php

/*
Plugin Name: Example
Plugin URI: http://example.com/
Author: John Doe 
....
*/

That directive load a script that will spread the malware. Opening that file is possible to found the malware code:

<?php
 
//install_code1
error_reporting(0);
ini_set('display_errors', 0);
DEFINE('MAX_LEVEL', 2); 
DEFINE('MAX_ITERATION', 50); 
DEFINE('P', $_SERVER['DOCUMENT_ROOT']);

$GLOBALS['WP_CD_CODE'] = 'PDHstAgXchan5E3JlcG9ydG...

So the first step to do in order to defeat the malware is to delete the involved plugin (or at least remove malware code from the plugin).

Contributor(s) : (Special Thanks To...)

Rakshit Shah
Gabriele Serra
CodinCafe

EDIT #1 : (01/08/2018)

Contribution

If you want to contribute anything about WP-VCD attack, Create a pull request and let's try to make wordpress more secure.
You can’t perform that action at this time.