Title: [Plugin: WordPress Exploit Scanner] Evals and Base 64’s
Last modified: August 19, 2016

---

# [Plugin: WordPress Exploit Scanner] Evals and Base 64’s

 *  [steve-d](https://wordpress.org/support/users/steve-d/)
 * (@steve-d)
 * [16 years, 1 month ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-evals-and-base-64s/)
 * Excuse me for being ignorant. But I’m learning. What is this stuff?
 * **Could be JavaScript code used to hide code inserted by a hacker.**
    input = eval('(' + input + ')');
 * I have six of the above _input = eval('(' + input + ')');_ in php’s of some plugins.
   And one each in plugin php’s below.
 * **Often used by malicious scripts to decode previously encoded data, such as malicious
   URLs**
    $data = base64_decode($data); eval( $cache );
 * **Often used by malicious scripts to decode previously encoded data, such as malicious
   URLs**
    $content = base64_decode($resources[ $_GET['resource'] ]);
 * **Could be JavaScript code used to hide code inserted by a hacker.**
    strpos( $_SERVER['REQUEST_URI'], "eval(") ||
 * Do I have a problem? Or is this normal?


 *  [petercasier](https://wordpress.org/support/users/petercasier/)
 * (@petercasier)
 * [16 years ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-evals-and-base-64s/#post-1486224)
 * “base64_decode” has been used in the latest massive blog attacks on GoDaddy and
   other shared hosts, so it is normal the scan reveals possible misuse.
   (but the recent hacks had a different pattern than what you describe above, see [this post](http://www.blogtips.org/how-to-cure-your-godaddy-wordpress-hacked-blog/))
 * So is the code you quote devious? It depends in which files you found them. Check
   the file names, and see if they actually make part of a plug-in, or a standard
   installation. If they are, then you are ok. If not, there is trouble.
 * P.
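
An added example, not part of either post and not the Exploit Scanner plugin's own code: one way to triage hits like the ones quoted above, by ignoring patterns that appear only inside string literals and by checking each flagged file against a clean copy of the same release. It goes beyond the reply's file-name check by comparing content hashes; the manifest, the paths and the PHP samples are constructed for illustration.

```python
import hashlib
import re

# Matches a call to either function the scanner flags.
CALL = re.compile(r"\b(eval|base64_decode)\s*\(")
# PHP single- or double-quoted string literal (heredocs and comments are not handled).
STRING = re.compile(r"'(?:\\.|[^'\\])*'" + "|" + r'"(?:\\.|[^"\\])*"', re.S)

def sha256(src):
    return hashlib.sha256(src.encode()).hexdigest()

def triage(path, src, manifest):
    """Return (verdict, calls) for one flagged PHP file.

    manifest maps relative path -> SHA-256 of that file in a clean copy of
    the same WordPress/plugin release (hypothetical input, built by you).
    """
    # Blank out string literals so "eval(" inside quotes, as in the strpos()
    # hit from the thread, is not counted as a real call.
    code = STRING.sub('""', src)
    calls = sorted({m.group(1) for m in CALL.finditer(code)})
    if path not in manifest:
        return "not-in-release", calls       # file the release never shipped
    if manifest[path] != sha256(src):
        return "modified", calls             # shipped file, contents changed
    return "matches-release", calls          # byte-identical to the clean copy

# Constructed samples, not taken from the poster's site.
CLEAN_CACHE = "<?php $data = base64_decode($data);\n"
FIREWALL = "<?php if (strpos($_SERVER['REQUEST_URI'], \"eval(\") !== false) { exit; }\n"
MANIFEST = {
    "plugins/example-cache/cache.php": sha256(CLEAN_CACHE),
    "plugins/example-firewall/fw.php": sha256(FIREWALL),
}
FLAGGED = {
    "plugins/example-firewall/fw.php": FIREWALL,
    "plugins/example-cache/cache.php": CLEAN_CACHE + "eval($data);\n",
    "uploads/2010/cache.php": "<?php eval(base64_decode($blob));\n",
}

def run():
    return {p: triage(p, s, MANIFEST) for p, s in FLAGGED.items()}

if __name__ == "__main__":
    for path, (verdict, calls) in run().items():
        print(f"{verdict:16} {path} calls={calls}")
```

A "matches-release" file with no real calls is the false-positive case; "modified" and "not-in-release" files are the ones to open and read.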


The topic ‘[Plugin: WordPress Exploit Scanner] Evals and Base 64’s’ is closed to
new replies.

 * 1 reply
 * 2 participants
 * Last reply from: [petercasier](https://wordpress.org/support/users/petercasier/)
 * Last activity: [16 years ago](https://wordpress.org/support/topic/plugin-wordpress-exploit-scanner-evals-and-base-64s/#post-1486224)
 * Status: not resolved

