I have recently found a nasty hack inside one of my clients’ sites, based on WordPress. Turned out that the site got hacked, and WSO Web Shell was injected in several files, one in the theme, and one in Akismet plugin.
Here’s the code, if you’re curious.
So, I have used this .php file to find all occurrences of “wso” inside my server.
Read our comment policy before commenting! Comments such as "Thank you!", "Awesome!", "You're the man!" are either marked as spam or stripped from URL.