skip to Main Content

I have a problem with my website, I get information from wordfence about my WordPress website getting hacked

enter image description here add found a code eval($_SERVER['HTTP_81DB2B3'] so i removed it but in a few second the code going back. someone, please help me

2

Answers


  1. If your website got hacked then I guess more than 1 file was affected by it,


    case-1: If you are able to access the WordPress Backend In this case, if you are able to access the WordPress backend then I suggest you

    Step-1: Add one plugin called (Wordfence Security – Firewall & Malware Scan
    ) and scan your website with it.

    Step-2: After scanning the site remove all suspicious code from the site.

    Case 2: If you are not able to access the WordPress backend then you have to update your WordPress manually with the hosting file manager or FTP.


    Please Note: Please take a backup of your website before do any changes.

    Login or Signup to reply.
  2. I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there’s any malicious cronjobs setup. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you’ll have to delete those cronjobs to ensure that that line of code doesn’t keep reappearing. In addition to that, you’ll also need to make sure those cronjobs don’t show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and if it helps replace your home directory (except for wp-content and wp-config) with fresh files.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search