[resolved] PHP eval(base64_decode(........)) what does this mean and what to do? (6 posts)

  1. Leo
    Posted 3 years ago #

    Hi there,

    Yesterday I suddenly discovered that one of my websites doesn't load. I tried to open the WP Dashboard, but no success either. All I can do is view my WP files from FTP account and also MySQL Database.

    I have found eval(base64_decode(........)) in almost every PHP file I opened. I read some articles but each one has a different problem and they were able to log in to their dashboards.

    I would like to know what this is and what's the reason?
    Should I remove all the content of the folder and reinstall WordPress again?

    Thanks in advance!

  2. andrewmills
    Posted 3 years ago #

    It sounds like your WordPress site has been compromised. This WordPress Codex item is a good place to start.

  3. andrewmills
    Posted 3 years ago #

    As for what this is, and what's the reason . . . sometimes people will encrypt their code in base64 to make it more difficult to spot as malicious code, or to keep people from readily seeing what the code actually does.

    If you really want to decrypt the code and analyze what the code would do, you can find several base64 decoders online. Here's one, for example.

  4. Leo
    Posted 3 years ago #

    Hi Andrew.

    I have read it all, cleaned all the files from the encrypted code and made a copy. Now I am going to install a new copy of WordPress.

    Also I have decrypted the code.


  5. andrewmills
    Posted 3 years ago #

    Sounds good. When you are ready to make things more difficult for people who want to compromise your website in the future, you may want to study this: http://codex.wordpress.org/Hardening_WordPress.

  6. Leo
    Posted 3 years ago #

    Yeah, sure.
    I read it, and also I found a good article on Hardening PHP.

    Thank you!

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.