| Issue: | Some WordPress user are reporting a link-template.php.suspected error message. This is possibly related to a previous security vulnerabilty, or hack that was never fixed. |
|---|---|
| Status: | InMotion Hosting and the WordPress community are currently investigating this report. |
| Who is impacted? | Only some users of WordPress are reporting this issue |
.
Additional information: See the post regarding the “link-template.php.suspected” issue in the Official WordPress Support Forums.
What can I do?
While the WordPress community is still trying to determine the origin of this issue, we have found ways to determine files that may be compromised.
- The following command has been successful in identifying injected code (run it in SSH):egrep -Rl ‘\$GLOBALS.*\\x|function.*for.*strlen.*isset’ public_html
- The following command has been successful in identifying injected code (run it in SSH):
- If you find files that have been injected with code, or hacked, we recommend the following guide:
I’ve been actively working on remediating this hack for a few days now. Documenting it here: https://www.devinyoungweb.com/blog/php-suspected-hack
I would also suggest changing the grep command to this:
egrep -Rl ‘\$GLOBALS.*\\x|function.*for.*strlen.*isset|isset.*eval’ public_html/
It’s a small change but found an additional 20 compromised files for me.