I found a hidden PHP file in my WordPress ROOT. Can someone please confirm if its a Backdoor and I should delete it or is this file safe?
The file name is:
.wysiwygPro_preview_2cc37e731786ff9b24157cd9f049b9cb.php
And its contet:
<?php
if ($_GET['randomId'] != "h6wErVoQiTtcfJOQAXxRY56_1NdgoGfVy_NpD4ecgtbBjp6URh8lF") {
echo "Access Denied";
exit();
}
display the HTML code:
echo stripslashes($_POST['wproPreviewHTML']);
?>
Can someone please tell me if its dangerous to have such code on server or its safe? Thank you for your comments and thoughts on this code :)
Based on the above reply, I'd say it's not.
If the user doesn't know the filepath or doesn't enter a correct randomId, that's it.
BUT, if that person knows the randomId (hi there) they can $_POST to '.wysiwygPro_preview_2cc37e731786ff9b24157cd9f049b9cb.php' with 'wproPreviewHTML' and make content appear as if it was from your URL. To an extent. They named the file well.
And if that's true I can only imagine a legit looking log-in form with a malicious submit URL.
It's a file generated by the wysiwyg editor in your cPanel hosting - it's not a hack or a backdoor.
They're perfectly safe to delete if you want to free up space.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.