When checking my uploaded website files I found two files 'manifest.php'
and 'mail.php'.
I didn't put them there and they are not in my local site.
Are they important, essential or can I delete them.
Jim the Geordie wrote:
When checking my uploaded website files I found two files
'manifest.php' and 'mail.php'.
I didn't put them there and they are not in my local site.
Are they important, essential or can I delete them.
I asked Grok about this (using your words as such), and it said:
Delete both files immediately.
manifest.php and mail.php are not legitimate WordPress (or any standard
CMS) core files, and if you didnrCOt upload them, they are almost
certainly malicious backdoors planted by a hacker.
Why These Files Are Dangerous
mail.php
Commonly used by attackers to send spam emails from your server.
Often contains code to abuse PHPrCOs mail() function or connect to
external SMTP servers.
Can get your server IP blacklisted and your hosting account suspended.
manifest.php
Frequently used as a web shell or admin panel for hackers.
Allows remote code execution, file uploads, database access, etc.
Often disguised with fake comments like // WordPress cache manifest to
avoid detection.
Immediate Actions (Do This Now)
Delete both files via FTP/cPanel File Manager (do not open or view them
in a browser).
Scan your entire site with a malware scanner:
Use Wordfence (free version is fine) or Sucuri SiteCheck.
Or upload phpMalwareScanner via SSH.
Change all passwords:
Hosting account
FTP/SFTP
WordPress admin
Database
Update everything:
WordPress core
Themes (especially nulled/pirated ones)
Plugins
Check file permissions:
Folders: 755
Files: 644
wp-config.php: 600
Look for other suspicious files (common locations):text/wp-includes/ /wp-content/uploads/
/wp-content/themes/[your-theme]/
/wp-admin/Look for:
Files with random names (e.g., index.php in wp-includes)
Recently modified core files
Base64-encoded PHP code
How Did This Happen?
Common causes:
Outdated WordPress, plugin, or theme (especially nulled themes)
Weak passwords (admin, FTP, database)
File upload vulnerability (e.g., in a form or plugin)
Compromised computer (keylogger, infected local site)
After Cleanup
Install Wordfence or iThemes Security.
Enable 2FA on WordPress and hosting.
Disable file editing in wp-config.php:phpdefine('DISALLOW_FILE_EDIT',
true);
Consider a clean reinstall of WordPress core files (keep wp-content and wp-config.php).
Summary
FileSafe?Actionmail.phpNODELETEmanifest.phpNODELETE
You did NOT upload them raA Someone else did raA They are backdoors.
Act fast. Your site is compromised until these are removed and the entry point is closed.1,9sRapide
Change all passwords:
Hosting account
FTP/SFTP
WordPress admin
Database
When checking my uploaded website files I found two files 'manifest.php'
and 'mail.php'.
I didn't put them there, and they are not in my local site.
Are they important, essential, or can I delete them?
Jim the Geordie
(Message also sent to alt.html)
From https://www.reddit.com/r/libgen/comments/yl09d3/what_is_a_php_file_and_how_to_read_it/>
(Message also sent to alt.html)
On Thu, 13 Nov 2025 11:51:09 +0000, Jim the Geordie wrote:
When checking my uploaded website files I found two files 'manifest.php'
and 'mail.php'.
I didn't put them there, and they are not in my local site.
Are they important, essential, or can I delete them?
Jim the Geordie
(Message also sent to alt.html)
"Things that end with .php are supposed to be for 'hypertext
preprocessor, which is used to add elements and do other things to
Web pages before a user sees them."
From https://www.reddit.com/r/libgen/comments/yl09d3/what_is_a_php_file_and_how_to_read_it/>
Your web host probably puts them in every website; my previous host
did. (Siteground, my current host, does not.) You could ask their
tech support about deleting them. Otherwise I would leave them along, particularly if their last-modified date is before your latest
upload. You don't want to risk breaking your own website!
(Message also sent to alt.html)
Surely you know better than to do that! If your article is relevant
to two newsgroups, you should crosspost, not start new threads in
multiple newsgroups.
On 15/11/2025 22:59, Stan Brown wrote:
On Thu, 13 Nov 2025 11:51:09 +0000, Jim the Geordie wrote:
When checking my uploaded website files I found two files 'manifest.php' >>> and 'mail.php'.
I didn't put them there, and they are not in my local site.
Are they important, essential, or can I delete them?
Jim the Geordie
(Message also sent to alt.html)
"Things that end with .php are supposed to be for 'hypertext
preprocessor, which is used to add elements and do other things to
Web pages before a user sees them."
From https://www.reddit.com/r/libgen/comments/yl09d3/what_is_a_php_file_and_how_to_read_it/>
Your web host probably puts them in every website; my previous host
did. (Siteground, my current host, does not.) You could ask their
tech support about deleting them. Otherwise I would leave them along,
particularly if their last-modified date is before your latest
upload. You don't want to risk breaking your own website!
Sorry. I thought it was the other way round :o?(Message also sent to alt.html)
Surely you know better than to do that! If your article is relevant
to two newsgroups, you should crosspost, not start new threads in
multiple newsgroups.
Presumably Jim will have tried out his web files locally before
uploading them (one should always!);
if they worked thus without the
.php files, then presumably they don't need them. That's not to say he _should_ delete them - I agree, asking his hosters sounds like a good
idea - I just don't think doing so will break his website _for that reason_.>>
| Sysop: | Amessyroom |
|---|---|
| Location: | Fayetteville, NC |
| Users: | 54 |
| Nodes: | 6 (0 / 6) |
| Uptime: | 14:03:49 |
| Calls: | 742 |
| Files: | 1,218 |
| D/L today: |
3 files (2,681K bytes) |
| Messages: | 183,733 |
| Posted today: | 1 |