I just finished cleaning up two separate installations of WordPress (on two different servers) which had been infected with some malicious code. This is simply to spread the word so that others experiencing the problem know what to do.
The most obvious symptom of this infection was that, upon logging in to the Admin section, the Dashboard page would load completely and then suddenly go blank. If your browser status bar is visible, you should see the site contacting your domain (as it normally would) then, after the page has loaded, it will state “resolving host” before giving you the blank, white page.
The fix was actually fairly simple. In WP Admin, navigate to the editor. Go one by one through the PHP files listed on the right, removing the string of base64 code which has been appended at the very top of each file. Once you have cleaned out the malicious code from each file, you will also need to do the same for your wp-config.php file.
That should do it. When you’ve removed all of the offending bits of code, you should be able to load your Dashboard normally.
- The topic ‘Virus Appending Base64 Code to All PHP files’ is closed to new replies.