Log in to your account
Sign up

Quickly Resolve WP-VCD Malware Attack on Wordpress

31 July 2019 | 0 comments | Posted by Shamima Ahmed in Geek Chic

wp-vcd malware attack

If you've been a victim to a Malware atatck you know what a pain it can be to get rid of those pesky leeches. Recently one of the websites I manage fell victim to a WP-VCD Malware virus. What I thought would be an annoyingly long process to fix, actually didn't take all too long at all.

How Does WP-VCD Latch Onto A Site?

There are numerous ways malware could attach itself to your site, the most common ways for the WP-VCD malware strand attacks are: 

  • Downloading and installing free pirated premium Wordpress themes and installing them.
  • Downloading and installing free dodgy plugins.

Developers build back doors into the above software, which leaves your site vulnerable to attacks in future.

In my case, I downloaded a premium theme for free a while back to test it before i bought it. Seems a back door was built into the code and it spread through all the local installs, even newer ones.

"Life Lesson: Don't download premium themes and plugins for free!"

Here's how to fix it quickly and easily. 

1. Identify the Malware Type

If you have identified the malware virus and are sure its WP-VCD, then proceed to step 2. If you not sure, the following symptoms might help you troubleshoot this step. 

  • Your site is giving a 500 header status error for an unusual reason.
  • Examine the directory of your domain, if you find a wp-vcd.php file in the /wp-includes/ directory. it most probaly is WP-WCD. 

If you still not sure, try using the Free website security check & malware scanner by Sucuri to identify the issue.

2. Create A Backup

Log into your FTP client and create a backup of your site files on your local. keep these unmodified, in case you delete a file and needs it to be replaced. 

3. Delete The Following Malicious Files

For WP-WCD malware experts starting deleting the following files - I have left comments from my actual fix to use as a guideline as to what worked for me.

  • Delete:class.theme-modules.php and class.plugin-modules.php
    • I could not find these files,  I searched all the folder - the location of these files was not specified.
  • Browse to wp-includes and delete the following files:
    • wp-includes/wp-vcd.php - This is the main file that injects the virus into the other files
    • wp-includes/class.wp.php - Did not Delete this one, as it broke the styles on the website. I did inspect it to find any wcd injections and nothing was found.
    • wp-includes/wp-cd.php - This file was not found either.
    • wp-includes/wp-feed.php - Deleted with no issues
    • wp-includes/wp-tmp.php - Deleted with no issues

4. Delete Malicious Code From The Theme Functions.php File

  • Browse to your theme file location to find the theme functions.php file. The path usually looks something like:
    \wp-content\themes\{choose your active theme}
  • Open the functions.php file. and remove the malware code.
  • This is usually about 150 or more lines inserted in the first function 
  • wp-vcd code in functions.php file
  • Save and you should be good to go!

5. Delete Suspicious Users

Check both database users and WP website users to see if any suspicious accounts were created. Delete these.

6. Install Protection on your site

Install a Wordpress plugin to help identify and protect your site against malware. I recommend Wordfence Security – Firewall & Malware Scan, which helps identifies and blocks malware.

How Have You Managed To Eradicate Malware? 

Have you had a site attacked by hostile malware virus? How did you manage to evade the attack? Share your story with us in the comments below. 

Are you looking to promote your business?

South African digital businesses can create your free business listing on nichemarket. The more information you provide about your business, the easier it will be for your customers to find you online. 

Registering with nichemarket is easy; all you will need to do is head over to our sign up form and follow the instructions. If you require a more detailed guide on how to create your profile or your listing, then we highly recommend you check out the following articles.

Recommended reading

If you enjoyed this post and have time to spare why not check out more WordPress Tips:


Tags: wordpress, malware, wp-vcd

Previous: {{ previousBlog.sTitle }}

Posted {{ previousBlog.dtDatePosting }}

Next: {{ nextBlog.sTitle }}

Posted {{ nextBlog.dtDatePosting }}

You might also like

Promote accepting Bitcoin

How To Advertise That Your Business Accepts Bitcoin

10 February 2024

Posted by Che Kohler in nichemarket Advice

A marketing plan for any merchant looking to tap into the Bitcoin circular economy by offering goods and services for direct exchange for Bitcoin

Read more
Picking a forex pair to trade

How To Choose A Currency Pairs for Forex Trading

02 February 2024

Posted by Edward Fourie in Money Talks

A detailed guide for those looking to get into forex trading and would like to know which pairs are the best to start with and the pros and cons of e...

Read more

Leave us a comment


{{comment.iDayLastEdit}} day ago

{{comment.iDayLastEdit}} days ago


Sign up for our newsletter