
How to deal with the WordPress Virus that infects most all [Get] WordPress templates?

Discussion in 'Web Design' started by jms12, Jan 6, 2015.

  1. jms12

    jms12 Registered Member

    Apr 17, 2012
    I'm wondering if there is a sort of WordPress plugin that will scan your site for this. Do the basic free WP protection plugins protect against this? I think many of us know that cracked WordPress downloads are a big risk, because you can't virus scan them on your computer like you can with normal downloads (it isn't possible to detect WP infections this way). If you still don't know what I'm talking about, refer to this:


    For the future, are you aware of any ways to detect/scan for this code before you upload it to your site? There are some malware/cleaner WordPress addons out there. I'm not sure if they'd do the job. But local scanners and VirusTotal WON'T DETECT this.
  2. nocare

    nocare Junior Member

    Apr 29, 2013
    Deep Code
    No, there really isn't that I am aware of. You need to comb through all the executable files of your theme. That may be 10, 20, 300 PHP files.
    Trace the entire program and know what it is doing. De-obfuscate any hidden code; usually base64. Existence of that in a WP theme is a major red flag in most cases really. Most theme developers don't bother with it because its only true benefits are the reasons base64 is used in transferring some data types.

    This sounds like a pain in the butt, yes. But you can do that or you can purchase a theme or hire a developer.

    In case you do find infected code, you need to understand it and find out what exactly it is doing. This is a case where I have a different opinion than with a Windows machine. If a PC gets a virus, I format and re-install. Period. I don't trust any malware is gone once I have it.
    However, with PHP it is very easy to follow what is going on. If any core files are infected, you will see that it is (most likely).
    EXCEPT if you have run the code already. If it's already live on your site, you need a full re-install. It could have modified anything, including its own code, covering its tracks. File edit times may help, but I wouldn't trust them.

    Cheers. Good luck.
    • Thanks x 2
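A first pass over an unpacked theme before upload, along the lines nocare describes: flag obfuscation-related PHP calls and peel nested base64 literals so they can be read. This is an added example, not part of any post in this thread; the function list, the 24-character threshold and the sample input are assumptions, and it only decodes and reports, never executes.

```python
import base64
import re
import sys
from pathlib import Path

# Assumed starter list of calls that often accompany obfuscated PHP.
SUSPICIOUS_CALLS = re.compile(
    r"\b(eval|assert|base64_decode|gzinflate|gzuncompress|str_rot13|create_function)\s*\(",
    re.I)
B64_ONLY = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
# Quoted string literals consisting only of base64 characters (24+ long).
B64_LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{24,}={0,2})\1""")

def peel_base64(blob, max_depth=5):
    """Decode nested base64 layers; return (innermost text, layers removed)."""
    text, depth = blob, 0
    while depth < max_depth and B64_ONLY.fullmatch(text):
        try:
            text = base64.b64decode(text, validate=True).decode("utf-8").strip()
        except ValueError:  # bad padding, or binary (e.g. compressed) content
            break
        depth += 1
    return text, depth

def scan_source(source):
    """Return (line number, kind, detail) findings for one PHP file's text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in SUSPICIOUS_CALLS.finditer(line):
            findings.append((lineno, "call", m.group(1).lower()))
        for m in B64_LITERAL.finditer(line):
            text, depth = peel_base64(m.group(2))
            if depth:  # report only literals that decoded to readable text
                findings.append((lineno, "base64", text[:80]))
    return findings

def scan_theme(root):
    """Scan every .php file under root; map path -> findings (hits only)."""
    return {str(p): f for p in sorted(Path(root).rglob("*.php"))
            if (f := scan_source(p.read_text(errors="replace")))}

# Constructed sample: a harmless echo statement, base64-encoded twice.
_INNER = base64.b64encode(b'echo "constructed sample";')
SAMPLE = ("<?php\n// constructed sample\n$x = 1;\n"
          "eval(base64_decode('" + base64.b64encode(_INNER).decode() + "'));\n")

if __name__ == "__main__":
    hits = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan_source(SAMPLE)}
    for path, findings in hits.items():
        for lineno, kind, detail in findings:
            print(f"{path}:{lineno}: {kind}: {detail}")
```

Run it against the extracted theme directory on your own machine. An empty result only means none of these patterns matched, so the files still need to be read.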
  3. Tobbe co

    Tobbe co Junior Member

    Sep 29, 2014
    • Thanks x 1