Title: New Malicious code added to functions.php
Last modified: September 1, 2016

---

# New Malicious code added to functions.php

 *  [gschaefer](https://wordpress.org/support/users/gschaefer/)
 * (@gschaefer)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/)
 * Just came across this code in the functions.php for a WordPress theme
 * Is it Malicious?
 * _[ redacted ]_

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/#post-7590115)
 * Yes and please do not post malware code in these forums.
 * Please remain calm and carefully follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked).
 * When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress).
 *  [swachhsite](https://wordpress.org/support/users/swachhsite/)
 * (@swachhsite)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/#post-7590116)
 * It definitely looks malicious. In which theme did you trace it? Hackers target
   functions.php, header and index mostly to display their spam content on the site.
 *  Thread Starter [gschaefer](https://wordpress.org/support/users/gschaefer/)
 * (@gschaefer)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/#post-7590118)
 * I found it on a client's website; it was the Mynt Mobile theme.
 * Luckily it was an old website and cPanel account we are taking down anyway, so
   no harm done this time. I have seen plenty of other functions.php hacks with
   malicious code before, like social.png, but not that snippet. Seems like
   a new and potentially more harmful variety. It looks to me like it gives the
   remote user admin access.
 * PS; sorry for posting the code snippet, but thought the admins might like a copy.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/#post-7590122)
 * > PS; sorry for posting the code snippet, but thought the admins might like a
   > copy.
 * Nope. 😉 The code really is irrelevant. What is important is that someone was able
   to arbitrarily place code on that website.
 * The client’s website still has to be deloused. Deleting the code isn’t enough;
   unless the attack vector is fixed, it or a different compromise will just come
   back again.


The topic ‘New Malicious code added to functions.php’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 3 participants
 * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * Last activity: [9 years, 10 months ago](https://wordpress.org/support/topic/new-malicious-code-added-to-functionsphp/#post-7590122)
 * Status: not resolved
