Title: malware in functions.php
Last modified: August 20, 2016

---

# malware in functions.php

 *  [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/)
 * Hi
 * I am having malware in my theme in WordPress 3.3.1. It is found in functions.php.
   Here is the code. I can’t find what is causing this.
 * Can someone help?
 * _[ Do not post malware code here. If you must share (really you don’t need to)
   use [pastebin.com](http://pastebin.com/) instead. ]_

Viewing 13 replies - 1 through 13 (of 13 total)

 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682734)
 * this article explains about the problem
 * [http://redleg-redleg.blogspot.com/2012/02/redirects-to-googosearch-biz.html](http://redleg-redleg.blogspot.com/2012/02/redirects-to-googosearch-biz.html)
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682753)
 * What the code is doing isn’t really useful. What you need to start doing 
   is delouse your installation.
 * Start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
 * [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682844)
 * If what was955 doesn’t work let us know. Post the url also so that we can take
   a look.
 * Thanks
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682852)
 * [http://pastebin.com/fPpLJcFy](http://pastebin.com/fPpLJcFy)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682853)
 * Hi, what is your site?
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682854)
 * Use the links that Jan posted above.
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682855)
 * my site is
    [http://arab-seo.net/](http://arab-seo.net/)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682856)
 * Hi was955
 * Have you followed the links Jan provided? Where are you in the process?
 * Did you already remove it from your site?
 * As to what is causing it, it’s always hard to say without analyzing your site.
 * The one thing I would add is don’t stop at looking at just this site, extend 
   it to the server or account in which it sits. It could be a backdoor you are 
   missing.
 * Here is an example of why: [http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html](http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html)
 * Another big trend we’re seeing is this: [http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html](http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html)
 * There are also all the obvious things like vulnerable third party tools and poor
   server and account management.
 * As you can see, many variables to consider.
 * Thanks
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682857)
 * Well, I always remove the code from the functions.php. The problem is that it comes back.
 * I am trying all the options.
 * The site is the only site that is infected on the server.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682858)
 * > well i always remove the code from the functions.php the problem it comes back.
 * That’s why it’s really critical that you delouse your WordPress installation 
   as well as your server. If you don’t close the door that the attacker is using,
   you’ll just continue to attack the symptoms.
 * Follow those links I posted earlier, they really can help you understand as well
   as help you clean up that mess.
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682859)
 * +100 Jan
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682862)
 * OK, I’ll continue tomorrow.
 * Should I delete inactive plugins?
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682863)
 * Yes – [http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html](http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html)
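
The replies above advise looking past functions.php to the whole server or account, because a backdoor left elsewhere lets the injected code return. As an added example (not code from any poster in this thread), the Python script below walks an account root and flags PHP files inside `uploads` directories and files matching two obfuscation heuristics; the function names, patterns and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic signatures (assumed for illustration); every hit needs manual review.
SUSPICIOUS = [
    ("eval of decoded data",
     re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("preg_replace with /e modifier",
     re.compile(rb"preg_replace\s*\(\s*['\"](.)[^'\"]*\1[a-z]*e[a-z]*['\"]", re.I)),
]
PHP_EXT = (".php", ".phtml", ".php5")

def scan_account(root):
    """Return sorted (relative_path, reason) findings for PHP files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_uploads = "uploads" in os.path.relpath(dirpath, root).split(os.sep)
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if in_uploads:  # uploads should hold media, not executable code
                findings.append((rel, "PHP file inside an uploads directory"))
            with open(path, "rb") as fh:
                data = fh.read()
            findings += [(rel, why) for why, rx in SUSPICIOUS if rx.search(data)]
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed two-site account tree (harmless sample files)."""
    samples = {
        "site-a/wp-content/themes/mytheme/functions.php": b"<?php\neval(base64_decode('ZWNobyAxOw=='));\n",
        "site-a/wp-content/themes/mytheme/index.php": b"<?php get_header(); ?>\n",
        "site-b/wp-content/uploads/2012/03/cache.php": b"<?php /* constructed placeholder */ ?>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_account(tmp):
            print(f"{rel}: {reason}")
```

Point `scan_account` at the directory that holds every site on the hosting account, not just the infected theme, and compare anything it flags against a clean copy of the same file.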


The topic ‘malware in functions.php’ is closed to new replies.

## Tags

 * [functions](https://wordpress.org/support/topic-tag/functions/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 13 replies
 * 4 participants
 * Last reply from: [perezbox](https://wordpress.org/support/users/perezbox/)
 * Last activity: [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682863)
 * Status: not resolved
