Malicious code is running inside theme/functions.php

  • [ Moderator note: moved to Fixing WordPress. ]

    I have been working on multiple clients site. And encounted a very similar coding in all the theme’s files functions.php. Since it’s appears to be very odd because it’s not linked to any functionality at all.

    [ redacted ]

    At first sight, It appears to be moving $_REQUEST password string and connecting with database. Any one else encountered the same ? Just curious to know if it’s harmful.

    [ redacted ]

    Right now, I am searching the plugin in client hosted site, who is editing this file.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Please don’t post malware code in these forums, even a link to it. It doesn’t matter, what matters is that your clients site was compromised.

    Carefully follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter LogixTree

    (@logixtree)

    Hello Dembowski,

    Well, It was necessary to know what this code was doing, because we keep on encountering this on new clients site. Anyway, We will find it out. Thank you for responding and raising concern regarding it.

    Regards,
    LogixTree

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Malicious code is running inside theme/functions.php’ is closed to new replies.