Log in to your account
Sign up

Quickly Resolve WP-VCD Malware Attack on Wordpress

31 July 2019 | 0 comments | Posted by Shamima Ahmed in Geek Chic

wp-vcd malware attack

If you've been a victim to a Malware atatck you know what a pain it can be to get rid of those pesky leeches. Recently one of the websites I manage fell victim to a WP-VCD Malware virus. What I thought would be an annoyingly long process to fix, actually didn't take all too long at all.

How Does WP-VCD Latch Onto A Site?

There are numerous ways malware could attach itself to your site, the most common ways for the WP-VCD malware strand attacks are: 

  • Downloading and installing free pirated premium Wordpress themes and installing them.
  • Downloading and installing free dodgy plugins.

Developers build back doors into the above software, which leaves your site vulnerable to attacks in future.

In my case, I downloaded a premium theme for free a while back to test it before i bought it. Seems a back door was built into the code and it spread through all the local installs, even newer ones.

"Life Lesson: Don't download premium themes and plugins for free!"

Here's how to fix it quickly and easily. 

1. Identify the Malware Type

If you have identified the malware virus and are sure its WP-VCD, then proceed to step 2. If you not sure, the following symptoms might help you troubleshoot this step. 

  • Your site is giving a 500 header status error for an unusual reason.
  • Examine the directory of your domain, if you find a wp-vcd.php file in the /wp-includes/ directory. it most probaly is WP-WCD. 

If you still not sure, try using the Free website security check & malware scanner by Sucuri to identify the issue.

2. Create A Backup

Log into your FTP client and create a backup of your site files on your local. keep these unmodified, in case you delete a file and needs it to be replaced. 

3. Delete The Following Malicious Files

For WP-WCD malware experts starting deleting the following files - I have left comments from my actual fix to use as a guideline as to what worked for me.

  • Delete:class.theme-modules.php and class.plugin-modules.php
    • I could not find these files,  I searched all the folder - the location of these files was not specified.
  • Browse to wp-includes and delete the following files:
    • wp-includes/wp-vcd.php - This is the main file that injects the virus into the other files
    • wp-includes/class.wp.php - Did not Delete this one, as it broke the styles on the website. I did inspect it to find any wcd injections and nothing was found.
    • wp-includes/wp-cd.php - This file was not found either.
    • wp-includes/wp-feed.php - Deleted with no issues
    • wp-includes/wp-tmp.php - Deleted with no issues

4. Delete Malicious Code From The Theme Functions.php File

  • Browse to your theme file location to find the theme functions.php file. The path usually looks something like:
    \wp-content\themes\{choose your active theme}
  • Open the functions.php file. and remove the malware code.
  • This is usually about 150 or more lines inserted in the first function 
  • wp-vcd code in functions.php file
  • Save and you should be good to go!

5. Delete Suspicious Users

Check both database users and WP website users to see if any suspicious accounts were created. Delete these.

6. Install Protection on your site

Install a Wordpress plugin to help identify and protect your site against malware. I recommend Wordfence Security – Firewall & Malware Scan, which helps identifies and blocks malware.

How Have You Managed To Eradicate Malware? 

Have you had a site attacked by hostile malware virus? How did you manage to evade the attack? Share your story with us in the comments below. 

Are you looking to promote your business?

South African digital businesses can create your free business listing on nichemarket. The more information you provide about your business, the easier it will be for your customers to find you online. 

Registering with nichemarket is easy; all you will need to do is head over to our sign up form and follow the instructions. If you require a more detailed guide on how to create your profile or your listing, then we highly recommend you check out the following articles.

Recommended reading

If you enjoyed this post and have time to spare why not check out more WordPress Tips:


Tags: wordpress, malware, wp-vcd

Previous: {{ previousBlog.sTitle }}

Posted {{ previousBlog.dtDatePosting }}

Next: {{ nextBlog.sTitle }}

Posted {{ nextBlog.dtDatePosting }}

You might also like

Applying for a credit card in South Africa

How To Apply For A Credit Card In SA

17 June 2024

Posted by Che Kohler in Money Talks

A detailed break down of everything you need to know before you approach the banks to apply for a credit card in South Africa and how to use this fin...

Read more
Improve engagement on facebook posts

10 Techniques To Increase Engagement on Facebook

20 June 2024

Posted by Ryta Musyenko in Industry Experts

Increase your Facebook engagement rate on your posts with our simple, easy-to-follow strategies and revive your brands presence on the biggest social...

Read more

Leave us a comment


{{comment.iDayLastEdit}} day ago

{{comment.iDayLastEdit}} days ago


Sign up for our newsletter