Whereas WordPress is often a safe and secure platform, it will possibly fall sufferer to hackers when not maintained, or when poorly developed or outdated plugins are used.
One of many extra frequent strategies for hackers to cover the malicious PHP code inserted in to WordPress is to base64 encode the hacked code, after which use base64 decoding and eval() to execute the code at runtime. (If this has already exceeded your stage of information in PHP or WordPress, seek the advice of a certified web site developer or WordPress knowledgeable for help.)
Thankfully for WordPress customers, base64 code is comparatively simple to identify in PHP code, and appears much like the next:
Since base64 encoding seems as an extended string of random alphanumeric characters, it stands out throughout the PHP code. Usually, this encoding is utilized by a hacker to embed PHP code inside WordPress to output hyperlinks, redirect customers to particular websites, and is worse circumstances, permit unauthorized entry to the WordPress system and database.
Whereas it’s potential to manually search your WordPress theme code for base64 code, there are some plugins obtainable that assist scan and detect probably malicious code for you. One of many extra in style plugins is BulletProof Safety, which is designed to guard a WordPress web site towards XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking makes an attempt.
Whereas utilizing a plugin corresponding to that is more practical at securing a WordPress web site than counting on handbook inspection, it’s critically essential to assessment your WordPress theme and WordPress set up on a recurring foundation. Understanding how your WordPress web site is designed and configured will allow you to to extra readily id conditions wherein the positioning will not be functioning usually. It can additionally change into simpler so that you can spot adjustments in code construction that will point out that malicious code has been injected in to the WordPress theme.