wordpress

My wordpress website being hacked with code eval($_SERVER['HTTP_81DB2B3']


I have a problem with my website, I get information from wordfence about my WordPress website getting hacked

enter image description here add found a code eval($_SERVER['HTTP_81DB2B3'] so i removed it but in a few second the code going back. someone, please help me


Solution

  • I had something very similar to this. Go to your cPanel and search for "Cron Jobs" and scroll down to see if there's any malicious cronjobs setup. You might have some that look like eval(gzinflate(base64_decode(.... that are essentially causing this to reoccur. Not a complete fix to this issue, but you'll have to delete those cronjobs to ensure that that line of code doesn't keep reappearing. In addition to that, you'll also need to make sure those cronjobs don't show up again. Use a plugin like Wordfence (suggested above as well) to look for malicious files and if it helps replace your home directory (except for wp-content and wp-config) with fresh files.