Title: malware in functions.php
Last modified: August 20, 2016

---

# malware in functions.php

 *  [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/)
 * hi
 * i am having malware in my theme in wordpress 3.3.1 it is found in functions.php
   here is the code i can’t find what is causing this???
 * can someone help
 * _[ Do not post malware code here. If you must share (really you don’t need to)
   use [pastebin.com](http://pastebin.com/) instead. ]_

Viewing 13 replies - 1 through 13 (of 13 total)

 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682734)
 * this article explains about the problem
 * [http://redleg-redleg.blogspot.com/2012/02/redirects-to-googosearch-biz.html](http://redleg-redleg.blogspot.com/2012/02/redirects-to-googosearch-biz.html)
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682753)
 * The what the code is doing isn’t really useful. What you need to start doing 
   is delouse your installation.
 * Start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/)
 * [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682844)
 * If what was955 doesn’t work let us know. Post the url also so that we can take
   a look.
 * Thanks
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682852)
 * [http://pastebin.com/fPpLJcFy](http://pastebin.com/fPpLJcFy)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682853)
 * Hi what is your site.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682854)
 * Use the links that Jan posted above,.
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682855)
 * my site is
    [http://arab-seo.net/](http://arab-seo.net/)
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682856)
 * Hi was955
 * Have you followed the links Jan provided? Where are you in the process?
 * Did you already remove it from your site?
 * As to what is causing it, its always hard to say without analyzing your site.
 * The one thing I would add is don’t stop at looking at just this site, extend 
   it to the server or account in which it sits. It could be a backdoor you are 
   missing.
 * Here is an example of why: [http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html](http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html)
 * Another big trend we’re seeing is this: [http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html](http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html)
 * There are also all the obvious things like vulnerable third party tools and poor
   server and account management.
 * As you can see, many variables to consider.
 * Thanks
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682857)
 * well i always remove the code from the functions.php the problem it comes back.
 * i am trying all the options
 * the site is the only site who is infected in the server
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682858)
 * > well i always remove the code from the functions.php the problem it comes back.
 * That’s why it’s really critical that you delouse your WordPress installation 
   as well as your server. If you don’t close the door that the attacker is using,
   you’ll just continue to attack the symptoms.
 * Follow those links I posted earlier, they really can help you understand as well
   as help you clean up that mess.
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682859)
 * +100 Jan
 *  Thread Starter [was955](https://wordpress.org/support/users/was955/)
 * (@was955)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682862)
 * ok i’ll continue tommorow
 * should i delete unactive plugins
 *  [perezbox](https://wordpress.org/support/users/perezbox/)
 * (@perezbox)
 * [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682863)
 * Yes – [http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html](http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html)

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘malware in functions.php’ is closed to new replies.

## Tags

 * [functions](https://wordpress.org/support/topic-tag/functions/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 13 replies
 * 4 participants
 * Last reply from: [perezbox](https://wordpress.org/support/users/perezbox/)
 * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/malware-in-functionsphp/#post-2682863)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics