WordPress link-template.php.suspected Issue

Issue: Some WordPress user are reporting a link-template.php.suspected error message. This is possibly related to a previous security vulnerabilty, or hack that was never fixed.
Status: InMotion Hosting and the WordPress community are currently investigating this report.
Who is impacted? Only some users of WordPress are reporting this issue

.

Additional information: See the post regarding the “link-template.php.suspected” issue in the Official WordPress Support Forums.

What can I do?

While the WordPress community is still trying to determine the origin of this issue, we have found ways to determine files that may be compromised.

    • The following command has been successful in identifying injected code (run it in SSH):
      egrep -Rl ‘\$GLOBALS.*\\x|function.*for.*strlen.*isset’ public_html
  • If you find files that have been injected with code, or hacked, we recommend the following guide:

Recovering after a Hack

JB
John-Paul Briones Content Writer II

John-Paul is an Electronics Engineer that spent most of his career in IT. He has been a Technical Writer for InMotion since 2013.

More Articles by John-Paul

Thoughts on “WordPress link-template.php.suspected Issue

  • I’ve been actively working on remediating this hack for a few days now. Documenting it here: https://www.devinyoungweb.com/blog/php-suspected-hack

    I would also suggest changing the grep command to this: 

    egrep -Rl ‘\$GLOBALS.*\\x|function.*for.*strlen.*isset|isset.*eval’ public_html/

    It’s a small change but found an additional 20 compromised files for me.

Was this article helpful? Let us know!