When i scan my whole network with Secure wordpress, some critical errors are being found. It displays that Executable files found in Wordpress uploads directory like this /home/mysite/public_html/blogs/wp-content/uploads/wpcf7_captcha/966600469.php /home/mysite/public_html/blogs/wp-content/uploads/wpcf7_captcha/1195351108.php. I dont know if i need to clean these filed from directory or just ignore it. In their suggestion, they say "Analyze the contents of this file. If the file is malicious, delete it immediately from your system". Now, how can i analyze this file? Another thing, i have installed flexibility theme in my site and after scanning, it also mentions the theme file being malicious (/home/mysite/public_html/blogs/wp-content/themes/flexibility3/functions.php). Need urgent suggestions!!
Change the file permission. right click on the file and go its permissions and then change its permission and make it not readable, excusable and writable. Alternately you can del it because in "upload folder" wp mostly store images, not php files.
Start with securing your uploads folder Create an empty index.php file inside uploads folder This way none can look in to its content. By default uploads folder is not secure. Also make sure this index file has permission set to 755 Otherwise you wont be able to upload anything. More WP security tips here :http://www.askfrank.net/how-to-secure-wordpress-blog-from-being-hacked-2012/