Title: Hacked WordPress sites &#8211; code in header.php
Last modified: August 21, 2016

---

# Hacked WordPress sites – code in header.php

 *  [svetto](https://wordpress.org/support/users/svetto/)
 * (@svetto)
 * [12 years ago](https://wordpress.org/support/topic/hacked-wordpress-sites-code-in-headerphp/)
 * Hi,
 * Today I noticed that all my wordpress sites were loading extremely slow. I searched
   deeper and I found the following code in all themes’ (either active or inactive)
   header.php file:
 * _[Code moderated. Please do not post hack code blocks in the forums. Please use
   the [pastebin](http://wordpress.pastebin.com/) if absolutely necessary/]_
 * Does anyone have an idea what this code does?
 * When I removed the code from all of the sites they started to load fast as before.
   I checked for some other files modified on the same date as header.php but I 
   couldn’t find any.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [12 years ago](https://wordpress.org/support/topic/hacked-wordpress-sites-code-in-headerphp/#post-4983469)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Anything less will probably result in the hacker walking straight back into your
   site again.
 * Additional Resources:
    [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress)
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) 
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  [peter_sucuri](https://wordpress.org/support/users/peter_sucuri/)
 * (@peter_sucuri)
 * [12 years ago](https://wordpress.org/support/topic/hacked-wordpress-sites-code-in-headerphp/#post-4983713)
 * Hi svetto,
 *  I’d love to help and let you know what exactly the code did, but I’d need it
   shared here via pastebin here. If you still need it, just share the code..

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Hacked WordPress sites – code in header.php’ is closed to new replies.

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)
 * [header.php](https://wordpress.org/support/topic-tag/header-php/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [peter_sucuri](https://wordpress.org/support/users/peter_sucuri/)
 * Last activity: [12 years ago](https://wordpress.org/support/topic/hacked-wordpress-sites-code-in-headerphp/#post-4983713)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics