Title: header.php hacked
Last modified: September 1, 2016

---

# header.php hacked

 *  Resolved [tonicopi](https://wordpress.org/support/users/tonicopi/)
 * (@tonicopi)
 * [9 years, 12 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/)
 * Hi, this morning, after the automatic upgrade to WordPress 4.5.3, it will be 
   continually overwritten me header.php template, sending the site offline. This
   is what happens to overwrite the default template.
 * Many tanks

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [Andrew Nevins](https://wordpress.org/support/users/anevins/)
 * (@anevins)
 * WCLDN 2018 Contributor | Volunteer support
 * [9 years, 12 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7505804)
 * You need to start working your way through these resources:
    - [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked)
    - [https://wordpress.org/support/topic/268083#post-1065779](https://wordpress.org/support/topic/268083#post-1065779)
    - [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
    - [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    - [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
    - [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
    - [https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  [makeonlineshop](https://wordpress.org/support/users/makeonlineshop/)
 * (@makeonlineshop)
 * [9 years, 12 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7505950)
 * Hello, is there a reason why you found the hack during update ?
 *  Thread Starter [tonicopi](https://wordpress.org/support/users/tonicopi/)
 * (@tonicopi)
 * [9 years, 12 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506088)
 * > Hello, is there a reason why you found the hack during update ?
 * The thing was accidental.Having arrived the notice of automatic update I went
   to check out the sites and I found three hacked, on three different servers, 
   with the same template. But trying to use as the default template also the header.
   php was continually overwritten.
 * Thanks to kindly provided suggestions by Andrew Nevins I set patiently to work.
   Downloaded locally a copy of one of the sites, and scanned with Kaspersky and
   other antivirus tool, I could not find malicious code or viruses.
 * Restoring a backup copy of your website does not solve the problem.
 * From the reading of the site log files were not unusual access via ftp.
 * I then tried to disable all the administrator except my changing my password,
   which was already strong with a extrastrong created on the fly from the admin
   panel of wordpress site.
 * For more than 24 hours in any of three sites vine longer overwritten the header.
   php template and I’m happy, really happy!
 * I make this relationship that will perhaps help some other user with the same
   problem.
 * TANKS wordpress volunteers for the wonderful work!!!
 *  [Bert](https://wordpress.org/support/users/bgd01/)
 * (@bgd01)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506144)
 * Hi there.
    The exact same thing is happening to me – literally the same file 
   and the same code.
 * May I ask – what is the Theme you are using?
 *  [George J](https://wordpress.org/support/users/georgejipa/)
 * (@georgejipa)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506157)
 * Hello,
 * Same problem here, but with older version of WP (4.3.x).
 * header.php content:
 * _[ Redacted, do not post malware code in these forums ]_
 * Decoded content:
 * _[ Redacted, do not post malware code in these forums ]_
 * There are no successful logins into FTP/WP-Admin (based on logs)… but somehow
   he managed to change header.php’s content.
 * What I’ve done:
    – reset all user passwords – replaced wp with the latest version
   from repo – changed all salt keys from wp-config – replaced all plugins with 
   latest versions from repo
 * Hope everything is fine now! 🙂
 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506158)
 * and the same response — you’ve been hacked.
 * You need to start working your way through these resources:
    - [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked)
    - [https://wordpress.org/support/topic/268083#post-1065779](https://wordpress.org/support/topic/268083#post-1065779)
    - [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
    - [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    - [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
    - [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
    - [https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  [George J](https://wordpress.org/support/users/georgejipa/)
 * (@georgejipa)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506159)
 * Thanks [@sterndata](https://wordpress.org/support/users/sterndata/)! Already 
   solved.
 *  [Bert](https://wordpress.org/support/users/bgd01/)
 * (@bgd01)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506160)
 * What theme are people using? Trying to find a common denominator.
 *  [George J](https://wordpress.org/support/users/georgejipa/)
 * (@georgejipa)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506161)
 * [@bgd01](https://wordpress.org/support/users/bgd01/): custom theme
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506162)
 * _**Please do not post malware code in these forums. **_
 * It really does not matter what the code is, that’s not how they got in and the
   code does not matter one bit. What matters is that the attacker got in. You need
   to delouse your installation or another compromise will happen again.
 * As already indicated, please remain calm and carefully follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked).
 * When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress).

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘header.php hacked’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 7 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/headerphp-hacked-1/#post-7506162)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics