
Cleaning .class-wp-cache.php WordPress Hacked Site

WordPress websites are commonly compromised for a variety of malicious purposes, so there isn’t a single fix for every WordPress problem out there.

I hope this quick read helps someone clear out the files left behind by a WordPress compromise. In one I was looking into recently, I spotted a certain file appearing in each and every folder on the account.

The file at first seemed part of WordPress due to its name – “.class-wp-cache.php” – but after seeing it a number of times, I thought I’d take a look and see what it actually is.

A Google search for “.class-wp-cache.php” shows some similar names, so it is easy to be misled into thinking it is part of WordPress. Digging in, the code was not obfuscated, so I was able to quickly skim through it and see that it was going to be used to make some cURL requests.

Due to time constraints, I didn’t investigate further what it was used for or how it was put in every folder. I imagine the attacker left these behind to come back to the site after it was fixed, hoping to re-infect it.

I proceeded to clean this infection and realised that it would take a long time to do manually. For anyone else needing to clean up this sort of attack quickly, here are some shell commands.

1. Use the following to find where the file exists:

[public_html]# find . -type f -name ".class-wp-cache.php"

2. Use the following to delete these files from everywhere:

[public_html]# find . -type f -name ".class-wp-cache.php" -exec rm -f {} \;
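A more cautious variant of the two steps above, added here as an example and not part of the original post: instead of deleting, it moves each copy into a quarantine directory outside the web root and records its SHA-256, so the payload can still be examined later. The function names, the quarantine layout and the constructed demo tree are assumptions, and it expects GNU coreutils' sha256sum.

```shell
#!/bin/sh
# Added example (not the post's own commands). Quarantines the dropped files
# instead of deleting them, so the payload stays available for analysis.

# quarantine_dropped ROOT NAME QDIR
# Moves every regular file called NAME under ROOT into QDIR/files (keeping the
# relative path) and appends "sha256<TAB>bytes<TAB>path" to QDIR/manifest.tsv.
quarantine_dropped() {
    mkdir -p "$3" || return 1
    rabs=$(cd "$1" && pwd) && qabs=$(cd "$3" && pwd) || return 1
    # Refuse a quarantine inside the web root: the PHP would stay reachable.
    case "$qabs/" in "$rabs"/*) echo "QDIR must be outside ROOT" >&2; return 2 ;; esac
    ( cd "$rabs" || exit 1
      # -type f: a directory or symlink that shares the name is left alone.
      find . -type f -name "$2" -exec sh -c '
          qabs=$1; shift
          for f in "$@"; do
              hash=$(sha256sum < "$f" | cut -d" " -f1)
              size=$(wc -c < "$f" | tr -d " ")
              mkdir -p "$qabs/files/$(dirname "$f")" &&
              mv -- "$f" "$qabs/files/$f" &&
              printf "%s\t%s\t%s\n" "$hash" "$size" "$f" >> "$qabs/manifest.tsv"
          done' sh "$qabs" {} + )
}

# remaining ROOT NAME: matching files still present after the sweep.
remaining() { find "$1" -type f -name "$2" | wc -l | tr -d ' '; }

# distinct_payloads QDIR: number of different file contents that were found.
distinct_payloads() { cut -f1 "$1/manifest.tsv" | sort -u | wc -l | tr -d ' '; }

# make_demo_tree DIR: constructed sample site with three dropped copies,
# one look-alike directory and one legitimately named file.
make_demo_tree() {
    mkdir -p "$1/wp-content/uploads/2020" "$1/wp-includes/.class-wp-cache.php"
    printf '<?php /* constructed sample A */' > "$1/.class-wp-cache.php"
    printf '<?php /* constructed sample A */' > "$1/wp-content/.class-wp-cache.php"
    printf '<?php /* constructed sample B */' > "$1/wp-content/uploads/2020/.class-wp-cache.php"
    printf '<?php // legitimate file' > "$1/wp-content/class-wp-cache.php"
}
```

If distinct_payloads reports more than one hash, the copies are not all identical and each variant is worth a look before the quarantine is discarded.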

Don’t forget to secure the WordPress instance with the usual best practices:

  • Use a very strong password for WordPress admin
  • Make sure to have a username that is not called admin
  • Update WordPress core to the latest version
  • Remove plugins that are not active or in-use
  • Update all the plugins to their latest versions
  • Remove themes not in use
  • Update the theme in use to the latest version
  • Set up a firewall plugin like Wordfence

All the best.

Search Engine Optimization

Help! I’m using WordPress and my site disappeared from all search engines.

After a really long absence from maintaining my own personal website, I decided to install a WordPress blog to get my site back online quickly. Without going over the settings thoroughly, I was happy that my site was back online. I started blogging, hoping my blog posts would have a good impact on search engine results. Unfortunately, my site disappeared from search engines completely!

If you recently installed WordPress and are wondering why your site is not on any search engines, the culprit is the privacy options in WordPress. By default, it is set to reject all search engines, though not normal visitors, by setting the robots meta tag to noindex, nofollow.

The good thing is that it’s really easy to fix this. Follow the instructions below, then wait for Google and other search engine bots to crawl your site again.

  1. Log into the WordPress Administration Area (wp-admin)
  2. Go to Settings > Privacy
  3. Select: I would like my blog to be visible to everyone, including search engines (like Google, Sphere, Technorati) and archivers
  4. Save settings

I hope this helps.

Happy Blogging!