Functions.php compromised

  • tharum

    (@tharum)


    7 years, 2 months ago

    I’ve found one of WordPress sites compromised. The Functions.php file contains some scripts that I suspected that making the functionalities of the WordPress dashboard reduced. For example, cannot go to Comment section even with Admin privilege. Cannot add new plugins even with Admin access.

    I tried to deleted and uploaded a new Functions.php file that’s clean. The next day, the compromised file is back. It seems it’s automatically replaced.

    Please see the content on this functions file below and help advise me how to fix this malicious stuff.

    [Large code redacted, please use a paste service]

    • This topic was modified 7 years, 2 months ago by Marius L. J.. Reason: Removed copy-pasted core file

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Naveen Kharwar

    (@naveenkharwar)

    7 years, 2 months ago

    Hey
    Can you provide some more information like!

    • WordPress Version installed?
    • Theme you are using?
    • Is this problem still there when you deactivate all plugins?
    • Is this problem still there in Twenty Nineteen
      Thread Starter tharum

      (@tharum)

      7 years, 2 months ago

      Already updated to the latest 5.1.1.
      theme: https://ww.wp.xz.cn/themes/apex/
      still problem even after switching to 2019 theme.

      Minerva Infotech

      (@minervainfotech)

      7 years, 2 months ago

      Hi tharum,

      First check it whether your “WordPress” updated with latest version or not. If not, then update website. Same questions for all plugins and themes. Then you can disabled all plugins and activate one by one. In this process you have to check whether any plugin is creating issues.

      Also, you can install “Wordfence” plugin which will scan your all the files and produce reports. It will block unwanted access in your admin panel.

    Viewing 3 replies - 1 through 3 (of 3 total)

    The topic ‘Functions.php compromised’ is closed to new replies.