My wordpress website have just been hacked and after looking at logs I saw that they exploited this file: www/wp-content/themes/mytheme/style.php
When browse this link www.mywebsite.com/wp-content/themes/mytheme/style.php I find an input field with a button. So I guess that’s where they uploaded their shell script.
$wp_auth_check = '<form method= "post" action= ""> <input type= "input" name= "_f_wp" value= ""/><input type= "submit" value= ">"/></form>';
How can I solve this vulnerability? Thanks
Read more here: WordPress vulnerability issue