anthonyadinolfi

The “MailChimp” and “Advanced noCaptcha reCaptcha” plugins also causes the error to be thrown. Unfortunately, the update you made for debugging now flags multiple plugins in a way that isn’t appropriate (we should not need to deactivate multiple plugins so that our users don’t see an error generated by your plugin when visiting our sites).

• This reply was modified 7 years, 11 months ago by anthonyadinolfi.

The “MailChimp” and “Advanced noCaptcha reCaptcha” plugins also causes the error to be thrown. Unfortunately, the update you made for debugging now flags multiple plugins in a way that isn’t appropriate (we should not need to deactivate multiple plugins so that our users don’t see an error generated by your plugin when visiting our sites).

• This reply was modified 7 years, 11 months ago by anthonyadinolfi.

Great advice @failedprocess and @neschalk, appreciate the responses. I think the biggest take away from this is to make sure that…

1. Your WordPress install is always up to date.
2. Your plugins are always up to date.
3. Your themes (and any nested plugins) are always up to date.
4. You take steps (Sucuri, WordFence, etc) to further harden your site.
5. BACKUP YOUR SITE ON THE REGULAR.

That will go a long way towards preventing this from happening. It was far more efficient for us to nuke the site and restore from a backup than it was to parse through the files attempting to find offending code. The client has since taken all of the appropriate steps outlined above.

Good times!

Best,
Anthony Adinolfi

An outdated version of the Revolution Slider that was pre-packaged with the theme was the attack vector. Site host restored parent directory from a backup to resolve and the theme was manually updated.

A few similiar posts via StackOverflow and SomeWebGeek…

https://stackoverflow.com/questions/8929141/hacked-website-unusual-php-file

https://stackoverflow.com/questions/8929141/hacked-website-unusual-php-file

wp-head.php file in its entirety…

Possible malicious code removed.