Notice: This thread is over two years old; the information may be outdated. Please consider creating a new thread if you require free support. If you have an active SiteOrigin Premium license, you can email our premium support desk at [email protected].
Hello,
i have severe security issues with my hoster:
-rw-r–r– 1 web16 web16 64331 24. Apr 22:25 wp-content/themes/vantage/premium/images/brands/header.php
These files are being injected in the vantage directory sending mass spams. Any suggestions?
Hi Dominic
What can happen is that a malicious plugin actually modifies the Vantage theme files to add in this code. If you download a fresh copy of Vantage Premium, you’ll see that this file isn’t part of the core theme. Would it be possible for you to email us a zip copy of vantage folder so we can investigate this? You can send it to [email protected].
This is quite a serious issue, so I’d suggest asking your hosts to restore an older backup of your site if possible. Once they do restore it, make sure that the header.php file isn’t there.
Here is a full guide to dealing with a hacked site. Ideally you’ll be able to work with your webhosts to fix the issue. The worst case is that you’ll have to create a backup of your files and database and restore everything on a completely fresh installation of WordPress.
https://codex.wordpress.org/FAQ_My_site_was_hacked
To prevent this kind of issues in the future, make sure that your hosts have set proper file permissions on our wp-content folder. It’s also highly recommended that you only download/use themes and plugins from trusted sources. The WordPress.org directory is a good place to start.