Mysterious File on WP Site
-
Recently, we found the following file on a client wordpress site after they had been attacked (basically indx.php was renamed”. Easy fix tho.
File Name: wp-setitings -NOT wp-settings – see the spelling.
We have several clients with WP sites and no other site has this file.
It was created on ay 24, 2024. The people that built the WP no nothing about this file and we’ve setup a basic WP site an this file is nowhere to be found.
Does anyone know what this is???
-
Hello @rgutery7b9e672ee8,
It appears that the file “wp-setitings” is not a legitimate WordPress core file and could be a result of malicious activity. The correct file should be “wp-settings.php.” Since this file appeared after an attack, it’s likely that it was introduced by the attackers.Here are some steps you can take to address this issue:
Delete the File: Remove the “wp-setitings” file from your server.
Check for Other Malicious Files: Scan your site for other suspicious files. Tools like Wordfence or Sucuri can help with this.
Update Everything: Ensure WordPress core, themes, and plugins are up to date.
Change Passwords: Update all passwords associated with your WordPress site, including database, FTP, and admin accounts.
Review User Accounts: Check for any unauthorized user accounts in your WordPress dashboard.
Enhance Security: Consider implementing additional security measures such as two-factor authentication, security plugins, and regular backups.
I hope this will help.
Regards,
- The topic ‘Mysterious File on WP Site’ is closed to new replies.
WordPress.com Forums 