Title: Code Injection
Last modified: August 22, 2016

---

# Code Injection

 *  [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/)
 * Hello Friends,
    I need your help. Actually I am monitoring that some annoying
   code and some additional files like .cache, logo.png, background.png, wordpress.png
   and theme.php are automatically generated, and a lot of code is injected into
   different files.
 * I switched from HostGator to a Highly Secured VPS and started building the site
   from scratch, but the same issue came.
 * I am using a paid theme, no nulled or pirated theme or plugin. In addition to server
   security I have added the iThemes Security plugin and another plugin to scan for such
   things. Apart from these, only normal plugins like All-in-One SEO and other plugins
   available on the WordPress.org site.
 * I tested by deactivating all plugins but the same thing is happening. Here is the code
   I found in the theme’s functions.php file, and yes, in some cases it is generating
   functions.php files in child themes, and the strange thing is that from theme to theme
   and function to function the injected code’s pattern varies.
 * _[ Malware code redacted, please do not post that here ]_
 * So please help me: what is this, and how is it coming each and every time?
    Thanks.

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Thread Starter [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461380)
 * Anybody have any Idea? No expert here to Help?
 *  Thread Starter [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461431)
 * WOW!!! Gr8, Looks like lots of Experts are here and I am thankful for the replies….
 *  [jacksoftwares](https://wordpress.org/support/users/jacksoftwares/)
 * (@jacksoftwares)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461487)
 * Hi Debasis
 * Have you solved the problem? I have the same problem: I cleaned everything to start
   with, and these files are there again.
 *  Thread Starter [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461488)
 * No, the problem is still there. May I get your site link so that I can compare
   it with mine?
 *  [jacksoftwares](https://wordpress.org/support/users/jacksoftwares/)
 * (@jacksoftwares)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461489)
 * Probably it is a backdoor.
 * Try to find timthumb and remove it.
 * 2nd, in functions.php of your theme, remove all of this function till the end:
 * ```php
   if ( ! function_exists( 'wp_admin_tab' ) ) :
   /**
    * Load admin dynamic tabs if available.
    *
    * @since 3.2.5
    *
    * @return void
    */
   function wp_admin_tab(){
   ```
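
A triage scan for the indicators named in this thread (the .cache, theme.php and image-named files from the first post, plus the `wp_admin_tab` function and TimThumb from the reply above), as an added example that is not part of any poster's reply. The tag names, the sample tree and the "contains PHP" test for non-PHP files are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): flag the indicators the posts name.
# scan_themes DIR prints one "TAG<TAB>path" line per finding, sorted.
tag() { awk -v t="$1" '{ print t "\t" $0 }'; }

scan_themes() {
    {
        # Image-named and .cache files from the first post. Flagging them only
        # when they contain PHP is an assumption of this example.
        find "$1" -type f \( -name '*.png' -o -name '.cache' \) \
            -exec grep -la '<?php' {} + | tag PHP_IN_NONPHP
        # theme.php is named in the thread as auto-generated; review each hit.
        find "$1" -type f -name 'theme.php' | tag DROPPED_NAME
        # The function the reply says to remove from functions.php.
        grep -rlE --include='*.php' 'function[[:space:]]+wp_admin_tab' "$1" |
            tag INJECTED_FUNC
        # TimThumb copies bundled with a theme.
        find "$1" -type f -iname '*timthumb*.php' | tag TIMTHUMB
    } | sort
}

# Constructed sample tree with harmless placeholder contents.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/paid-theme/images" "$d/paid-theme-child"
    printf '<?php\nfunction theme_setup() {}\n' > "$d/paid-theme/header.php"
    printf '<?php\nfunction wp_admin_tab(){}\n' > "$d/paid-theme/functions.php"
    printf '<?php /* placeholder */\n' > "$d/paid-theme/images/logo.png"
    printf '\211PNG\r\n\032\n' > "$d/paid-theme/images/background.png"
    printf '<?php /* placeholder */\n' > "$d/paid-theme/.cache"
    printf '<?php /* placeholder */\n' > "$d/paid-theme-child/theme.php"
    printf '<?php /* placeholder */\n' > "$d/paid-theme/timthumb.php"
    printf '%s\n' "$d"
}

sample=$(make_sample_tree)
scan_themes "$sample"
rm -rf "$sample"
```

Point `scan_themes` at `wp-content/themes`; each hit is a lead for manual review, not proof of compromise.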
 *  Thread Starter [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461490)
 * The specialty about such code injection is that its coding pattern changes from theme
   to theme: sometimes it appears in the header.php file, then in some other
   themes it creates .cache and theme.php, and in some cases it automatically creates
   functions.php files for child themes, otherwise it injects code into the functions.php file.
 * You keep removing it but it comes again in that place… It's a hectic thing.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461491)
 * You may not like the generic reply but when you’re hacked this really is the 
   right set of articles to read.
 * You need to start working your way through these resources:
    - [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
    - [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
    - [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
    - [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    - [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
    - [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
    - [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
    - [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
    - [http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html](http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html)
 *  Thread Starter [Debasis Pradhan](https://wordpress.org/support/users/debasispradhan/)
 * (@debasispradhan)
 * [11 years, 6 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461501)
 * Hi, I think I got the solution but need 2 more days to check and verify everything.
   If this solution works then I will mail you the solution.
 * The reason to mail you is that by sharing the solution publicly, hackers may get
   an alternative way to inject their code.
 * Still, if any other experts have a solution then please keep me updated.
 * TC.
 *  [Trademarkos](https://wordpress.org/support/users/trademarkos/)
 * (@trademarkos)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461521)
 * Hi [@debasis](https://wordpress.org/support/users/debasis/),
 * How did you get to fix it?

The topic ‘Code Injection’ is closed to new replies.

 * 9 replies
 * 4 participants
 * Last reply from: [Trademarkos](https://wordpress.org/support/users/trademarkos/)
 * Last activity: [11 years, 3 months ago](https://wordpress.org/support/topic/code-injection-4/#post-5461521)
 * Status: not resolved

