Viruses that come as filenames wp-feed.php wp-tmp.php and wp-vcd.php located in the wp-includes folder are the product of an unsafe site and negligent site management.
Until now, these viruses appeared as a product of nulled (cracked) themes. These are themes that were not purchased like on the themeforest sites, but are premium themes, but they were downloaded from some site.
The hacker bought these themes regularly and then inserted a virus into them and posted them on free download sites. You download that topic and put it on your site and then the virus starts spreading.
What does this virus actually do? It can do many things, insert links on your site to create a backlink base (the most harmless), redirect visits to your site to some other usually porn sites, or send spam. Due to spam, the account is usually suspended and there is a possibility that the problem will not be solved and it will lead to a permanent suspension.
How do you know if your site is affected by this?
Simple. Your account will have some of the following files:
- wp-includes/wp-vcd.php
- wp-includes/wp-tmp.php
- wp-content/themes/*/functions.php (there is problematic code here that allows the installation of all infected files, all themes on the account, whether active or not)
- class.wp.php
- admin.txt
- codexc.txt
- code1.php
- class.theme-modules.php (inside theme folder)
in cPanel you can search by entering the File Manager and on the right you have search and enter the file names if they appear then you are in trouble.
Can the site be cleaned?
Theoretically, it can. Practically, it cannot. Why can't he? Because the virus got in and the question is which files did it change. Maybe the virus is in the database and maybe it is hidden as an image. It is not only these files, they are obvious, but it is not known exactly what can be infected.
What is the solution?
- Restore the backup if there are no viruses there, then immediately delete the topic and upload a new one (this means creating the site again only without entering texts and images).
- Create a site from scratch with a purchased theme at themeforest.com for no more than $59.
You don't have a problem, but how can you protect yourself?
Do not install any themes from some forums and sites that have not been purchased. Even the installation itself starts automatically, and even if you delete it, the hacker already has access to your account automatically.
Protection is quite simple and consists of regular updates of the theme, plugins, and wordpress itself. Not to download and install themes and plugins from various sites and forums.
Do you need a paid protection plugin?
No. As long as you are regular with updates and have a regular update topic, you don't need to worry.
