
I installed the latest WordPress version on Ubuntu 16.04 with nginx, but some days after the installation I see an unknown file in the root directory,

like alias99.php. How do I prevent/block this? I already added

# deny dotfiles such as .htaccess, .git and .env
location ~ /\. {
    deny all;
}

# deny PHP under wp-content/uploads (also covered by the rule below)
location ~ ^/wp-content/uploads/.*\.php$ {
    deny all;
}

# deny PHP under any uploads/ or files/ directory, case-insensitively
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

in the conf file. How can I ensure the security level? Thank you.

1 Answer

To find out more about that file:

  • run stat on it. Does it have a ctime of just now? In other words, was it really just put there?
  • cat the file. Can you post it in your question?

To continue on the security of WordPress, I personally feel that webapps should not be able to write to themselves. In other words, your files, and probably the dir they're located in, are owned by www-data. Yeah, it's convenient for WordPress' auto-update feature, but it's really just a bad idea. The fact that WordPress recommends this approach is beyond me.

What you should do instead is change the Unix owner of all the files to some dedicated user, and use wp-cli as that user to upgrade WordPress.

Having said all this, if this is a new WordPress install and it's already compromised, you may be dealing with something outside WordPress.

Halfgaar
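A triage and hardening script for the steps in this answer (check the file's ctime and contents, then move ownership of the code away from the web-server account), added here as an example and not part of the original answer. The dedicated owner wpdeploy and www-data as the nginx/php-fpm account are assumptions; the find checks only report, and only harden_ownership changes anything:

```shell
#!/bin/sh
# Added example: triage a WordPress docroot and fix its ownership.
# Assumed values (not from the original page): "wpdeploy" as the dedicated
# owner of the code and "www-data" as the nginx/php-fpm account.
WEB_USER="${WEB_USER:-www-data}"
APP_USER="${APP_USER:-wpdeploy}"

# PHP files whose inode changed (created, chmod'ed, renamed into place)
# within the last $2 minutes: the "ctime of just now" check from the answer.
recent_php() {
    find "$1" -type f -name '*.php' -cmin "-$2" 2>/dev/null | sort
}

# PHP files owned by a given account. Anything under the docroot owned by
# the web-server user is something the web app could have written itself.
php_owned_by() {
    find "$1" -type f -name '*.php' -user "$2" 2>/dev/null | sort
}

# PHP anywhere under uploads: the nginx rules in the question block
# execution there, but such a file should not exist at all.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null | sort
}

# Metadata plus the first bytes of a suspicious file (stat, then cat).
show_file() {
    stat -c '%n ctime=%z owner=%U group=%G mode=%a' "$1"
    head -c 400 "$1"; echo
}

# Ownership scheme the answer recommends: the code belongs to a dedicated
# user and the web server may only read it; uploads is the one tree it may
# write. Needs root.
harden_ownership() {
    chown -R "$APP_USER:$WEB_USER" "$1"
    find "$1" -type d -exec chmod 755 '{}' +
    find "$1" -type f -exec chmod 644 '{}' +
    chown -R "$WEB_USER:$WEB_USER" "$1/wp-content/uploads"
    chmod 640 "$1/wp-config.php"   # holds the DB password; group-readable only
    # Updates then run as the owner with wp-cli, not through the admin UI:
    #   sudo -u "$APP_USER" wp core update --path="$1"
}

# Stand-alone use: ./wp-triage.sh /var/www/html [minutes]
if [ -n "${1:-}" ]; then
    echo "== PHP files changed in the last ${2:-1440} minutes"
    recent_php "$1" "${2:-1440}"
    echo "== PHP files owned by $WEB_USER"
    php_owned_by "$1" "$WEB_USER"
    echo "== PHP files under wp-content/uploads"
    php_in_uploads "$1"
fi
```

Run the report first and look at every file it lists with show_file before changing ownership; after harden_ownership, the admin UI's auto-update will fail by design, and updates go through wp-cli as the owning user.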