Download your server’s access log for the last 30 days. Search for strings containing:
The appearance of wp-includes PHPMailer index.php in your logs is a warning shot. Even if you aren’t hacked yet, you are being probed. Here’s how to stay safe:
Every directory in WordPress that should not be listed publicly contains an index.php file. This is a security-by-design feature. The typical index.php inside wp-includes/PHPMailer/ simply contains a silent die() statement or a wp_die(). Its sole purpose is to prevent directory listing and direct access to other PHP files in the same folder.
By default, WordPress uses the PHP mail function. However, for better deliverability, many users configure WordPress to use an SMTP server via plugins. This configuration often involves modifying how PHPMailer sends emails.
Have you seen this exact pattern in your logs? Run a manual check of /wp-includes/PHPMailer/class.phpmailer.php and confirm your version number below in the comments—or take immediate action by updating WordPress to the latest stable release.
If you see this keyword in your access logs, do not ignore it. Run these checks immediately:
Most hacks occur through outdated third-party plugins rather than WordPress core itself.
If you suspect your site has been compromised via this path, follow these steps:
Attackers specifically look for the presence of wp-includes/PHPMailer/ because an outdated version here can allow them to inject malicious email headers, leading to arbitrary file uploads or server takeover.
Here is what you need to know about why hackers target these three elements together.
Use a security plugin like Wordfence to identify other infected files, as attackers rarely leave only one script.
The presence of a file at wp-includes/PHPMailer/index.php is almost certainly a sign of a . In a standard WordPress installation, the PHPMailer directory within wp-includes does not contain an index.php file.