Support » Fixing WordPress » Hack of all PHP pages

  • I just discovered that every PHP page on my WP site has been compromised. There was a .logs folder with a text file with URLs for porn sites in the root. Each PHP file had a long statement placed at the start of each file starting with:

    <?php /**/ eval(base64_decode(“aWYoZnVuY3Rpb…

    I’m hosted on Dreamhost. I’m wondering if the exploit is via WP, mySQL or via Dreamhost. Anyone else seeing this problem?

Viewing 3 replies - 1 through 3 (of 3 total)
  • I found in my theme folder (comment-central), two additional files:


    These appear to be the files that are infecting the rest of the files.

    Looks like the fault is with Dreamhost. I’m finding hacked files in my Joomla install on the same host.

    Christine Rondeau


    Volunteer Forum Moderator

    The first thing to do is to change your FTP password and DH Cpanel password right away.

    Once that’s done, unfortunately, you’ll have to clean up the hacked sites.

    Here’s a link with more info about hacked WP sites –

    Good luck.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Hack of all PHP pages’ is closed to new replies.