Generic answer: http://codex.wordpress.org/FAQ_Troubleshooting#How_do_I_solve_the_Headers_already_sent_warning_problem.3F
But. Since you’re saying it was a hack, try re-uploading a fresh copy of the WP files (no, this will not kill your site). If that solves it, change your passwords ASAP and read this:
http://codex.wordpress.org/FAQ_My_site_was_hacked
thanks, I will do this immediately.
Figure out what this was?
argh. my websites have had big problems…. not sure what this one was. but my webhost found someone (or something) was editing some of my files without my permission.
I had the IFRAME virus, that kept reappearing on various html and shtml pages every time I deleted the bad code. and another one too that inserted some weird code into various php pages that were part of wordpress, even though my WP was all updated.
I think I finally got rid of it. Ultimately it was my webhost who sent me a list of files that had suspicious code on them and I removed it all manually.
I was unable to find a scan tool on my own that could find the bad code or remove it.
Do you have a list of these files? were any of them WordPress core files?
I’m having the same issue on a friends site and it’s inserting a 64 ebit encoded string into index.php so I have to remove that but I want to find out where the source of the attack is coming from within the system.
ok here ya go. this is an example of the code that kept re-inserting itself on several of my wordpress php pages:
<?php eval(base64_decode(‘ZXJyb3JfcmVwb3J0aW5yYXkoI...
It’s nasty stuff…. keeps coming back.
I was not able to determine what exactly was causing it to come back. I only know it finally stopped coming back when my webhost gave me a long list of files that had suspicious code in it, and I removed all of them…. i either removed the entire file if it seemed unused, or I removed the bad code from the file. there were a bunch of them. when I finally got rid of all of them, it stopped coming back. at least for now!
as a note, the webhost (which is bluehost) gave me a list of bad files several times. it was like the 3rd time I kept going back to them and saying my site is still infected and then they finally gave me a longer list. I asked them what tool they used to find the bad code and they said it is in-house and it’s not for public use.
which leaves us in the dark.
if there was a good tool I could use on my own to scan my site, I would use it.
good luck. let me know if you find anything.
oh and by the way sometimes you can get good help at stopbadware.com
thanks. I only posted a tiny bit of the bad code so hopefully that won’t screw anything up. i was only trying to help…
i did change the passwords and scan my pc and it was useless. what tool would you suggest for scanning my PC? I even downloaded my entire website via FTP and scanned all the files with AVG and Malwarebytes and neither of them could find any problems, even though I knew exactly where there was bad code, neither could find it.
I did try many things. I searched for a tool that could scan my site and none I found were effective.
note…. i was also getting the IFRAME malware on some html files (not wordpress). in the same way I would remove the bad code and it would reappear. I’m not sure if this is related to the base64 stuff I was getting on my wordpress, but they both went away when bluehost gave me a good list of problem files and I nixed them.
I will check out your links. thanks. this has been really frustrating and I’m hoping it doesn’t start up again soon.
