This is a searchable archive of our old support forums, which operated from 2012 - 2016. To find out how to get support for your current theme, please visit our support page.

eval(base64_decode(error)

  • Creator
    Topic
  • #17135
    magicss
    Participant

    Hi Jason,
    I have been slowly tracking a hack that happens to my WordPress install (seattlegirlschoir.org).

    “eval(base64_decode(error);”

    shows up in place of all of the code in the file “content-404.php”

    The hacker also changes the index.php for the entire site and then redirects happen when regular users hit our site with a page that does not exist, and sometimes even with any page. I could say more, but I bet you already know all about this type of phenomenon….

    Obviously I doubt this to be caused by or related to your systems, but after months of dealing with this, I am slowly starting to remove PHP plugins from the site. (Akita or TBlvd plugins will be last, if I ever get that far. I plan to switch hosts before that, just to see if it is the host.)

    I am about to remove the calendar by timely called the allinone calendar. My error log always shows lots of errors in their code whenever this hack appears. The log also shows errors in the 404 file inside the akita child theme (since that file has been changed by the hacker).

    Any ideas from you would be most welcome as this is a long horrible process. No one knows what code is causing it or if the host account may be the cause, so I just have to make one change and wait to see if we get hacked, then replace the two files with good ones and try again….

    Thanks,
    -SS

Viewing 1 replies (of 1 total)
  • Author
    Replies
  • #17141
    Jason Bobich
    Keymaster

    Hello,

    I would just get a fresh copy of all of your plugins from the original source, and get the main parent theme from ThemeForest, and download a copy of your child theme, /wp-content/uploads/ directory, and /wp-config.php.

    Then you can just delete all WordPress files on your server, re-upload WordPress core, and re-upload the theme, plugins, /wp-content/uploads/, /wp-config.php, and your child theme.

    All of your data is stored in your MySQL database; so after restoring the /wp-config.php and connecting back to the same database, the site will be restored.

    And then, in this scenario, the only thing that could possibly have malicious code in it would be your child theme, but I’m sure you can quickly tell that by looking in your child theme, as you only have one PHP file in it (or a few, depending on your customizations).

  • The forum ‘Akita Responsive WordPress Theme’ is closed to new topics and replies.
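
An added example (not from the thread or from the theme's author): the reply keeps the child theme, /wp-content/uploads/ and /wp-config.php across the reinstall, so this Python script compares such a kept directory against a known-good copy and flags PHP files that changed, appeared, or contain the `eval(base64_decode(` string reported in the question. The function names, directory layout and file contents in `demo()` are constructed for illustration.

```python
import re, sys, tempfile
from pathlib import Path

# PHP function names are case-insensitive and whitespace is allowed before "(".
INJECTED = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)

def php_files(root):
    """Relative path -> file bytes for every .php file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in sorted(root.rglob("*.php")) if p.is_file()}

def audit(good_dir, live_dir):
    """Compare the live tree against a known-good copy; return (path, reason) pairs."""
    good, live = php_files(good_dir), php_files(live_dir)
    findings = []
    for rel, data in live.items():
        if INJECTED.search(data):
            findings.append((rel, "contains eval(base64_decode("))
        if rel not in good:
            findings.append((rel, "not in known-good copy"))
        elif data != good[rel]:
            findings.append((rel, "differs from known-good copy"))
    findings += [(rel, "missing from live tree") for rel in good if rel not in live]
    return findings

def demo():
    """Constructed sample: a clean child theme and a tampered copy of it."""
    clean = {"functions.php": b"<?php // child theme functions\n",
             "content-404.php": b"<?php get_template_part('content', 'none');\n"}
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        for tree in ("good", "live"):
            (tmp / tree).mkdir()
            for name, body in clean.items():
                (tmp / tree / name).write_bytes(body)
        # Constructed tampering: 404 template replaced by an eval/base64 stub (inert text).
        (tmp / "live" / "content-404.php").write_bytes(
            b"<?php EVAL ( base64_decode('cGxhY2Vob2xkZXI='));\n")
        # Constructed extra file that was never part of the theme.
        (tmp / "live" / "cache.php").write_bytes(b"<?php // unexpected file\n")
        return audit(tmp / "good", tmp / "live")

if __name__ == "__main__":
    # Usage: script.py KNOWN_GOOD_DIR LIVE_DIR (runs the constructed demo without arguments).
    results = audit(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for rel, reason in results:
        print(f"{reason}: {rel}")
```

Run it against each kept directory before re-uploading, and again after each change made while waiting to see whether the files are modified.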