
An Executable File Was Found In The WordPress Uploads Directory

Submitted by Chrysostomos Daniel on December 5, 2011 - 10:48 am 5 Comments

Alert group:

Executable file found

WebsiteDefender test:

During this test WebsiteDefender checks the Uploads directory for executable files.

Repercussions:

By default, it is not possible to upload PHP or other executable files into the WordPress uploads directory. Hackers might upload malicious executable files into the Uploads directory purely because, in a typical WordPress installation, it is the only directory with write permissions assigned, meaning it is the only directory that can run vulnerable or malicious code. The presence of an executable file in the uploads directory may indicate that your WordPress security was compromised. If the executable was uploaded without authorization, then a malicious user might have placed and executed it. If this is the case, then the malicious user could also have full access rights to the site and might gain full control of the web server. Depending on the hazardous nature of the executable file, your WordPress blog might be at serious risk of being used for further attacks.

Fix:

Analyze the contents of this file. If the file is found to be malicious, or is able to execute malicious actions, delete it immediately from your web server. You should contact your web server administrator or developer and check if the file has been stored there legitimately.

An extra security measure is to further restrict what kind of files the upload directory will store based on their extensions. Also, for maximum blog security, never give 777 permissions to the WordPress uploads directory.
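The following audit script is an added example, not WebsiteDefender's own code: it walks an uploads tree and reports files whose names carry an executable extension, plus any directory set to mode 777. The extension list, the function names and the sample tree it builds are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Assumed list (not from the page): extensions a PHP web host may run as code.
EXECUTABLE_EXTS = {"php", "phtml", "php3", "php4", "php5", "phar",
                   "pl", "cgi", "py", "sh", "exe"}


def audit_uploads(root):
    """Return sorted (issue, relative_path) findings for an uploads tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # 777 = read/write/execute for owner, group and everyone else.
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if (mode & 0o777) == 0o777:
            findings.append(("dir-mode-777", os.path.relpath(dirpath, root)))
        for name in filenames:
            # Test every dot-separated part, lower-cased, so "X.PHP" and
            # "avatar.php.jpg" are reported as well as plain "x.php".
            if EXECUTABLE_EXTS.intersection(name.lower().split(".")[1:]):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(("executable-extension", rel))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed uploads tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="uploads-")
    layout = {"2011/12": ["photo.jpg", "avatar.php.jpg"],
              "captcha_tmp": ["1234.php", "1234.png"]}
    for subdir, names in layout.items():
        path = os.path.join(root, *subdir.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "w").close()
    # Only the month directory gets the mode the article warns against.
    for rel, mode in ((".", 0o755), ("2011", 0o755), ("captcha_tmp", 0o755),
                      ("2011/12", 0o777)):
        os.chmod(os.path.join(root, *rel.split("/")), mode)
    return root


if __name__ == "__main__":
    for issue, rel in audit_uploads(build_sample_tree()):
        print(f"{issue:22} {rel}")
```

Matching on every dot-separated part of the name can flag harmless files such as `notes.sh.txt`; each finding still needs the manual review described above before anything is deleted.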


4 Comments

  1. Aaron C. Yeagle December 6, 2011

    So, almost every site I have shows this issue where I have CAPTCHA installed for use with “Contact Form 7” in WordPress. I look into this file and a php file exists with one line of code and nothing that looks like an exe file. Ideas?

  2. Robert Abela December 7, 2011

    Hi Aaron,

    In “web terms” a PHP file is an executable file.

  3. Geoff January 11, 2012

    I’ve noticed the same repeated messages about Contact Form 7. Perhaps the plugin keeps downloading new CAPTCHA issues? Is anyone aware of any vulnerabilities with Contact Form 7? Anything that should be done to tighten up security… short of using another plugin?

  4. Geoff January 11, 2012

    meant CAPTCHA “images” not “issues”
