Premium WordPress themes are pirated and are used to spread WP-VCD malware. This malware is hidden in legitimate WordPress files. It is used to add secret admin user and allows the hackers to take complete control. The malware was first spotted by Italian cybersecurity specialist Manuel D’orso. The malware was first loaded via a call for wp-vcd.php file and that inject malicious code into the original core files.

1. How To Remove WP-VCD WordPress
Malware Attack?
Elsner Technologies

3. How To Remove WP-VCD WordPress Malware Attack?
Premium WordPress themes are pirated and are used to spread WP-VCD malware. This malware is hidden in legitimate
WordPress files. It is used to add secret admin user and allows the hackers to take complete control. The malware was
first spotted by Italian cybersecurity specialist Manuel D’orso. The malware was first loaded via a call for wp-vcd.php file
and that inject malicious code into the original core files.
This code creates a new secret admin user account called 10000010. The reason to bring this malware was to open a
connection to infected sites so that hackers can carry out attacks later.
Top causes for the WP-VCD malware infection:
● Un-updated plugins & themes
● Pirated & nulled themes
● No proactive security on the website

4. This malware also sent spam messages which led users back to the websites offering pirated themes which helped
them propagate their malware. As we all say, to defeat your enemy we should know(understand) them well. We can’t
remove the malware code before removing the main WP-VCD file. Attackers may try to inject pop advertisements into
your website to spread the malware.

5. They can also transfer if we have downloaded themes from the third party free download sites. These free versions
will create class.theme.php or class.plugin-module.php files which contain the malware code.
This affected WordPress themes gives loopholes in outdated plugins and themes. Hackers are then able to exploit
vulnerabilities in WordPress plugins and themes to upload wp-vcd on different sites. If your site has outdated
WordPress plugins and themes or if you do not have web application firewall, you are more likely to get attacked by
this malware. You can contact a good WordPress development service to solve this.
Your hosting provider is likely to suspend your WordPress account because of wp-vcd malware to protect other
websites. Pages on your website may get redirected to shady websites due to this attack. You will see PHP files
everywhere in your directory.

6. Follow the below mentioned steps to remove WP-VCD malware:
● Creating a backup of the safe files is a better option.
● Firstly, remove WP-VCD.php file from WordPress core. It has file rewritten with malware code by the name
function.php file. A plug-in can be used to find malware code on your website. Or else find them manually and delete
them.
● Before jumping to this delete class.theme-modules.php and class.plugin-modules.php files otherwise, the malware
will be generated again and again.
● Go to the WordPress install directory and you will get a file named wp-includes/wp-vcd.php which contains the
malware. Delete them.
● Delete all the below mentioned files if found in your WordPress install directory:
wp-includes/wp-vcd.php;
wp-includes/class.wp.php;
wp-includes/wp-cd.php;
wp-includes/wp-feed.php;
wp-includes/wp-tmp.php;
● Open the function.php file to remove the malware code

8. Tips to prevent WP-VCD malware from entering the computer:
1. Enable Popup blocker
2. Keep windows updated
3. Try to avoid free third-party downloads
4. Install Anti-virus
5. Have Regular backup facility
Deleting the malware once affected is not an also easy job. This malware tends to infect other areas on the website and
also install different types of malware codes. Hence it is very important to create an effective security strategy which will do
the analysis and completely clean the website.
Extra care is needed to avoid to become the victim of this kind of attacks even with the updated WordPress development
installs. Always monitor and update your themes.

9. Contact us:
Media Contact :
➔ Company name : Elsner Technologies Pvt. Ltd
➔ Website : https://www.elsner.com/
➔ Email : sales@elsner.com
➔ Facebook : https://www.facebook.com/ElsnerTechnologiesPvtLtd
➔ Twitter: https://twitter.com/Elsnertech