This issue has been seen in many site after Wordfence posted the article on the vulnerability in our Theme. The vulnerability was fixed in the theme updates 4.963 however many of you may have customised versions which can lead to manually fixing this issue.
This was only the second vulnerability reported in WPLMS in over 10 years, the first one was in 2014 , second one in 2024.
The Issue :
Someone made a hack attempt at your site and removed the wp-config.php.
Quickest fix :
Locate the wp-config.php from your backups and add it to your site.
Alternate fix:
Generate the Wp-config.php again. , you will find a wp-config-sample.php in your site, copy/rename it to wp-config.php and then you will have to locate the database credentials of your wordpress site and add them in the wp-config.php
The following part in wp-config.php is what you’ll need to get from your database :
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
/* MySQL database table prefix. */
$table_prefix = 'wp_';
Recommended Permanent fix :
Update the theme to 4.963
In case you are not on version 4 or Do not wish to upgrade.
The vulnerability was reported in export wizard, this wizard is not present in all theme versions.
The fix is to disable this wizard and remove the responsible file without going too much into the code.
1. Go to WP admin – Appearance – Themes – Editor
2. Locate WPLMS theme and edit the files.
3. Locate the file wplms/setup/installer/envato-setup.php
perform the actions as below :
Without any impact to your site, the vulnerability is removed from your site.
This is a permanent fix to your WPLMS Site.