My wordpress website have just been hacked and after looking at logs I saw that they exploited this file: www/wp-content/themes/mytheme/style.php

When browse this link www.mywebsite.com/wp-content/themes/mytheme/style.php I find an input field with a button. So I guess that’s where they uploaded their shell script.

$wp_auth_check = '<form method= "post" action= ""> <input type= "input" name= "_f_wp" value= ""/><input type= "submit" value= "&gt;"/></form>';

How can I solve this vulnerability? Thanks

Read more here: WordPress vulnerability issue


Solution:

If you know the solution of this issue, please leave us a reply in Comment section, to update the question.


Wordpress related questions and answers: