Eval base64 – SOLUTION

…and EASY solution, at that…

I suffered severe eval base injections into all of my sites the past week or two. I have also been hacked, had the dancing little Mexican visiting my site hehe…sure it caused for a great laugh but also panic stations as I have clients that pay.

My very awesome server-people advised me that I had been attacked and that it came from my plugins – they could not say which of course…

Yesterday, after many hours trying to decode especially the functions.php pages – I decided to see if there is a “eval base64” detector plugin for WordPress. I found the Threat Scan Plugin, installed it. It installs under the “settings” option in your admin panel. I was amazed – it pointed out exactly which plugins was the “leak”. It does nothing else but that, so you don’t have to worry that it breaks code at all. You have to uninstall (delete) the plugins causing that, yourself.

Do yourselves a favour and install this and delete the plugins it points out – MY WordPress sites was immediately saved, yours will be too! You MAY have to replace your functions.php file with the healthy one though, but you won’t be sorry.

Should you have tried to fix your site and broken it, perhaps your server-people would have a backup to reinstall – even if it is affected (which it should then be, if the plugin is in that backup). Don’t panic, just do the above and relax.

It sure worked for me.

Happy blogging!

PS:
The Newsletter plugin and Mail plugin was two that I had to remove…can’t remember which other. Be very careful and run the Threat Scan Plugin regularly, as perhaps with the updates of the plugins they sneak in their little eval base64 codes.