Support » Fixing WordPress » How to recover Admin Page from "PHP Injection" attack

  • Not entirely sure of WP version.
    The website was infected with what we were told is a “PHP Injection”

    We need help form a WordPress expert who can help us fix this problem ASAP.


    By some computer miracle, the website is up, but the administration area is trashed. Whenever I try and go to php-admin, we get an error page:

    “Warning: Cannot modify header information – headers already sent by (output started at /homepages/19/d178103558/htdocs/oldhtdocs/kreskin2/wp-admin/admin.php:1) in /homepages/19/d178103558/htdocs/oldhtdocs/kreskin2/wp-includes/pluggable.php on line 866”

    Line 866 is part of a function:

    if ( !function_exists(‘wp_redirect’) ) :
    * Redirects to another page.
    * @since 1.5.1
    * @uses apply_filters() Calls ‘wp_redirect’ hook on $location and $status.
    * @param string $location The path to redirect to
    * @param int $status Status code to use
    * @return bool False if $location is not set
    function wp_redirect($location, $status = 302) {
    global $is_IIS;

    $location = apply_filters(‘wp_redirect’, $location, $status);
    $status = apply_filters(‘wp_redirect_status’, $status, $location);

    if ( !$location ) // allows the wp_redirect filter to cancel a redirect
    return false;

    $location = wp_sanitize_redirect($location);

    if ( !$is_IIS && php_sapi_name() != ‘cgi-fcgi’ )
    status_header($status); // This causes problems on IIS and some FastCGI setups

    header(“Location: $location”, true, $status);

Viewing 1 replies (of 1 total)
  • I don’t think that code is the problem. I think something has hooked into one of the filters you see in that code. Anyway…

    You need to back everything up as soon as you can– files and database. I don’t know what your host provides for this— FTP access, PhpMyAdmin, etc. This is critical.

    Read FAQ My site was hacked. Follow the instructions line by line.

    To get you started. Look at <yourwebsite>/readme.html. Get the version number. Get a copy of that release from the release archive. When you get to the “Replace the core WordPress files” line in the Hacked FAQ, this is the release you use.

Viewing 1 replies (of 1 total)
  • The topic ‘How to recover Admin Page from "PHP Injection" attack’ is closed to new replies.