Photocracti Theme Hacked – Need Assistance

  • Author
  • #970515


    3 days ago I went to pull up my WordPress Blog login & it took me to some crazy, militant Serbian website. I contacted my hosting company (Bravenet) and was advised that there were serious, known issues about that Photocrati theme as follows:

    “I was able to confirm that version of photocrafti-theme does allow people to break into the site via a remote exploit. To prevent this from happening in the future, I would contact the people who provided that theme for a solution, or switch to another theme.”

    wp-content/themes/photocrati-theme/galleries/post-/full/wso.php – Obfuscated PHP code
    wp-content/themes/photocrati-theme/galleries/post-/full/r577.php – Looks to be a PHP based backdoor
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/Sharp_Cyber.SQL – looks like it’s designed to get information about the webserver
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/domain.shh – more info gathering
    wp-content/themes/photocrati-theme/galleries/post-/full/murad/.htaccess – used to run the scripts
    wp-content/themes/photocrati-theme/galleries/post-/full/c100.php – another backdoor shell

    Looks like the photocrati-theme allows people to upload images, and someone used it to upload a php file designed to compromise the website.

    To fix it, I would start by deleting the following:

    I found that file that was recommended for deletion but when I attempt to delete it it tells me its either empty and/or I don’t have permission to delete it.

    Can someone please tell me – in very simple steps – how to get rid of this photocrati garbage & get my blog back? I would appreciate all recommendations.

    Thanks !

    They have also modified the following files, which should be replaced with clean copies from wordpress:



    You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at If your question is about a self-hosted WordPress blog then you’ll find help at the forums.

    If you don’t understand the difference between and, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

    This is an automated message.



    The blog is:

    But I have it disabled because its been hacked & I’m worried it probably carries a virus & did not want that to spread to people who read our blog daily.



    It’s clear to me that your question is about a self-hosted WordPress blog and you’ll find help at the forums.
    read >



    This is the support forum. Here we provide support only for blogs that hosts and that site is not one of them.



    Thanks timethief. I will try there & appreciate your reply.



    You’re welcome and best wishes.

The topic ‘Photocracti Theme Hacked – Need Assistance’ is closed to new replies.