DEV Community

Discussion on: Malicious PHP I found on a colleague's website 🦠

Matthieu Cneude

Nice job!

I have a question: how did this code end up on your friend's server?

For now, my conclusion is: don't use WordPress. I've so many requests on my server trying to connect to the WordPress admin (even though my website is not a WordPress site), it's insane.

🐁 Author

Thanks for the comment.

My friend thinks it may be to do with his comment fields: potentially not sanitizing inputs.