Title: Weird php code being injected
Last modified: August 22, 2016

---

# Weird php code being injected

 *  [kevinsturf](https://wordpress.org/support/users/kevinsturf/)
 * (@kevinsturf)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/weird-php-code-being-injected/)
 * Hello all,
 * Thanks for reading this and attempting to help with my issue.
 * My problem is that whenever I try uploading a new plugin to my WordPress site,
   it uploads the plugin but then gives me an error and then all my active plugins
   become disabled. After that happens, I check a php file and there’s weird php
   code being injected at the very beginning. This happens to every single php in
   the WordPress directory.
 * I looked up measures to prevent access and modification to files via the htaccess
   file and I added a few but nothing seems to work. They way I get my site working
   again is by manually removing all the injected code.
 * This happened twice so far over the last 2 weeks and it’s quite frustrating. 
   I don’t have any crazy plugins. Mainly the popular ones…SEO, Google analytics,
   the events calendar, security and a few more for visual aesthetics.
 * If someone can shed some light on the problem with a solution, that would be 
   awesome!
 * Thank you very much!

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [barnez](https://wordpress.org/support/users/pidengmor/)
 * (@pidengmor)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/weird-php-code-being-injected/#post-5553043)
 * What does a site scan bring up?: [http://sitecheck.sucuri.net/](http://sitecheck.sucuri.net/)
 *  [RossMitchell](https://wordpress.org/support/users/rossmitchell/)
 * (@rossmitchell)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/weird-php-code-being-injected/#post-5553046)
 * The standard references for fixing hacks are these:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * As a precaution you need to change ALL your passwords, these include:
    – cPanel(
   your web hosting management) – FTP accounts (if in addition to the primary cPanel
   FTP account) – database user – WordPress administrators (and of course not use“
   admin” as a user)
 * It may be worth while also talking to your web hosting support.
 *  Thread Starter [kevinsturf](https://wordpress.org/support/users/kevinsturf/)
 * (@kevinsturf)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/weird-php-code-being-injected/#post-5553140)
 * > What does a site scan bring up?: [http://sitecheck.sucuri.net/](http://sitecheck.sucuri.net/)
 * I did do a scan using that site and all came out good. I did with a clean version
   of the site and when it was infected and same results.
 * > The standard references for fixing hacks are these:
   >  [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   > [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   > [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
   > As a precaution you need to change ALL your passwords, these include:
   >  – cPanel(
   > your web hosting management) – FTP accounts (if in addition to the primary 
   > cPanel FTP account) – database user – WordPress administrators (and of course
   > not use “admin” as a user)
   > It may be worth while also talking to your web hosting support.
 * I did some of these things but I guess I’ll have to change all passwords. I’ve
   also disabled the use of the admin account. I have another admin account.
 * The thing is, we house our server for the website since it’s an institutional
   website. Sadly it uses windows server as the OS. I did my best to secure everything
   but I’ll change up those passwords and read through some of those links.
 * Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Weird php code being injected’ is closed to new replies.

## Tags

 * [injected code](https://wordpress.org/support/topic-tag/injected-code/)
 * [php](https://wordpress.org/support/topic-tag/php/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 3 participants
 * Last reply from: [kevinsturf](https://wordpress.org/support/users/kevinsturf/)
 * Last activity: [11 years, 5 months ago](https://wordpress.org/support/topic/weird-php-code-being-injected/#post-5553140)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics