SOLVED (For my case at least)
If you look at the code that @jommartinez posted – I’m sure that is what affected the site of mine. The only file that is modified is the header.php in the theme. This is reflected in his posted code.
Some of you on this thread may have had a slightly modified version of this or have suffered multiple hacks so this fix may not resolve the issue for everyone here.
For my specific case I did the following;
– Removed the line from the header.php file in your theme – If you can remove the (line in where it is calling the javascript. it may be called in an abstract way like it was on my site using the “cryptico.js” js to encrypt the exploit call making it harder to notice.)
– Once this has been done you will need to roll back your database.
– I would strongly recommend any of you using a PHP version lower than 7.2 to upgrade.
I would be keen to hear if this helped anyone else.
