Everything You Need To Know About the WP-VCD.PHP Malware

Aditya Kumar Pandey
3 min readSep 26, 2022
Photo by Markus Spiske on Unsplash

As per the latest reports from the Search Engine Journal, a whopping 39.5% of all websites run on WordPress. While the numbers may be remarkable, considering that a single malware or bug can take half of the internet down raises red flags.

One such malware that threatens the entire ecosystem is the WP-VCD.PHP virus.

As rightly pointed out by WordFence, WP-VCD.PHP is “the malware you installed on your website.” It redirects traffic to a specific website, and the very next moment, you learn that you are hacked.

So what exactly is this malware, and how does it work?

Let’s dive into the details.


While concerns about your WordPress website may keep you up all night, this malware adds to the woes. The malware enters your website through a nulled theme or plugin, making admins unaware of the possible entry.

The technique is not unique in its approach. We have all witnessed what nullified themes and plugins have done before, which raises the concern. The creation of backdoors and the traffic diverting elements are some of the common acts that could possibly harm your business.

As a word of caution: If you have opted for shared hosting, chances exist that you can expect other websites to be affected by the malware. WP-VCD.PHP replicates at an alarming rate; hence it should be isolated as much as possible.

How Does the WP-VCD.PHP Work?

The malware finds its way into the system through infected themes and plugins. It then affects the rest of the plugins and themes before corrupting the rest and the core WordPress files.

The situation worsens with the malware spreading across all the websites that share the same CPanel. In this case, you can observe that your other websites get hacked.

Attempts to clean the website have in the past had no luck. The virus regains its position even after removing its components several times. In most cases, the malware returns as soon as the page is refreshed. This happens when the virus has not been completely reloaded, and the existing code regenerates the malware you just deleted.

What Does The WP-VCD.PHP Malware Do?

The principal goal of the WP-VCD.PHP malware is to drive traffic to spam websites. The following is achieved through Black-hat SEO principles or spam ads. The following phenomenon is described as malvertising.

Additionally, the creators generate revenue by driving traffic through spam websites using ads. Further, the malware integrates with the core software offerings of targeted websites, leading to greater chaos.

Some of the leading factors that makes this malware unpleasant are as follows:

· Creates fake admin profiles

· Inject spam links in the website

· Redirection of traffic, although not always


While there are several undesired effects of the WP-VCD.PHP malware, the image of a brand gets affected deeply. However, with the right products available, one can easily get rid of similar instances.