Title: eval base64_decode Last modified: August 19, 2016 --- # eval base64_decode * [adamt07](https://wordpress.org/support/users/adamt07/) * (@adamt07) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/) * ok..so I’m getting hit with this freaking eval base64_decode javascript injection. I’m running 2.8.4. I had this problem earlier today, so I re-installed all the scripts and checked the database to make sure it was clear. Everything was working perfectly for a few hours and now I’m having the same problem. I’m getting this huge javascript injection on my wp-settings.php and my functions files for both WordPress and my theme files. I’ve done all the standard security fixes, months ago. I have no idea where this is coming from. Anybody else having this problem? * Thanks Viewing 8 replies - 1 through 8 (of 8 total) * [Roy](https://wordpress.org/support/users/gangleri/) * (@gangleri) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243724) * Read this and the articles linked to. You obviously didn’t clean up properly and left the backdoor open. [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) * Thread Starter [adamt07](https://wordpress.org/support/users/adamt07/) * (@adamt07) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243727) * yep..did all that. htaccess files, changed passwords, re-uploaded all my files, everything I could think. Still getting it. I’m running the latest version (re- downloaded it just to be safe). If I can figure where it’s coming in I’ll post it. * [RF](https://wordpress.org/support/users/rf/) * (@rf) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243729) * Did the same yesterday, replaced all the core files and checked the database and i thought it was clean. Today noticed that files were again injected with base64_decode and javascript files were altered as well with sweetworld.co.uk links. * [Roy](https://wordpress.org/support/users/gangleri/) * (@gangleri) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243832) * If you’re positive that it’s not your installation, you might want to talk to your host to see if it’s another website on the same server. * [mtitech](https://wordpress.org/support/users/mtitech/) * (@mtitech) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243835) * We had this problem when multiple websites were hosted at the same account, such as: /home/site1/… /home/site2/… * If one of the sites has a “dirty” compromised PHP script – it could get to all clean sites and infect them. * To solve it either open separate hosting account for each domain or buy “reseller” account from hosting provider. There are possibly other ways to physically separate hosting spaces between domains. Reseller account likely to be more cost efficient. * Mike * Thread Starter [adamt07](https://wordpress.org/support/users/adamt07/) * (@adamt07) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243881) * They said they haven’t had any problems. I’m thinking it might just be compromised FTP info. I’m about to change all my passwords and cross my fingers. I’m running a scan first to make sure I haven’t picked up any bugs on my system. * [RF](https://wordpress.org/support/users/rf/) * (@rf) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243894) * Replaced all the core files/changed passwords yesterday again and did another check to the files. It seems now that my problem is solved as site is still up and running. Perhaps I missed few files on the first time. * [MichaelH](https://wordpress.org/support/users/michaelh/) * (@michaelh) * [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243981) * Link to similar discussion on wp-hackers: [http://lists.automattic.com/pipermail/wp-hackers/2009-October/028256.html](http://lists.automattic.com/pipermail/wp-hackers/2009-October/028256.html) Viewing 8 replies - 1 through 8 (of 8 total) The topic ‘eval base64_decode’ is closed to new replies. ## Tags * [javascript](https://wordpress.org/support/topic-tag/javascript/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 8 replies * 5 participants * Last reply from: [MichaelH](https://wordpress.org/support/users/michaelh/) * Last activity: [16 years, 7 months ago](https://wordpress.org/support/topic/eval-base64_decode/#post-1243981) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics