WordPress 4.0.1 Dashicons.css Malicious code?

  • Hi everyone, I downloaded the latest version of WordPress (4.0.1) and noticed some gibberish code in the “wp-includes/css/dashicons.css” file….

    I just want to know and make sure if this malware inserted in the latest version of WordPress or not as it’s got a bunch of unknown text.

    I downloaded the WordPress from my site dashboard and also downloaded it from the official site “www.remarpro.com”

    any ideas would be really helpful

Viewing 5 replies - 1 through 5 (of 5 total)

  • define gibberish? it maybe that its a base64 encoded image, if an image is small enough your can embed images into css to save having to load a separate file…

    I have just checked the files. 4.0.0 and 4.0.1 are identical. I see only minor changes going back to 3.9.0
    The gibberish is defining a font called “dashicons”.

    Thank you for raising your concerns.

    src:url(data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAFk8AA4AAAAAkVwAAQAAAAAAAAAAA........

    is a font file embedded in the css file, its an optimisation, its a standard part of wp 4.0.1

    ??

    Thread Starter edblogs

    (@edblogs)

    thank you for the tips and information guys! i just checked some of the older versions as well, they’re identical.

    i stumbled upon this code as i was trying to check my site due to malware issues. so i need to find what caused the problem in the first place.

    again i appreciate the responses! ??

    Bluehost just suspended my account for this so-called malicious code:

    These files appear to contain malicious code. You will want to review the files and remove the injected code from important files and/or remove unused or invalid files.

    /mypath/public_html/mark/wp-includes/css/dashicons.min.css
    /mypath/public_html/mark/wp-includes/css/dashicons.css
    /mypath/public_html/mysite/modules/mod_AutsonSlideShow/elements/colorpicker.php

    now what? they want me to remove everything

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WordPress 4.0.1 Dashicons.css Malicious code?’ is closed to new replies.