Article directory
Almost 90% are caused by "malicious code".
WordPressMore than 80% of websites are plugins that bring malicious code into website accounts (there are official website plugins, online streaming plugins, etc.).
The other is that the theme (cracked version, pirated theme) is a "malicious code" or "backdoor Trojan horse" that enters the server to spread damage.
right now,Chen WeiliangWill show you how to find it ahead of time by analyzing the WordPress theme code?
Analyze and exclude malicious code in function.php
The most common thing about "malicious code" in WordPress is function(s).php in the theme directory.
At the end of the function.php file, there is usually a closing comment like this:
//全部结束 ?>
If you find that there is no such closing comment then you are basically sure that your function.php file has been tampered with and you need to check it.
What is the malicious code of WordPress theme?
For example, the following line of code:
- function_checkactive_widgets
- function_check_active_widget
- function _get_allwidgets_cont
- function _get_all_widgetcont
- function strips
- function strripos
- function scandir
- function _getprepare_widget
- function_prepared_widget
- function __popular_posts
- add_action("admin_head", "_checkactive_widgets");
- add_action("init", "_getprepare_widget");
- _verify_isactivate_widgets
- _check_isactive_widget
- _get_allwidgetscont
- _prepare_widgets
- __popular_posts
- Each row is independent.
- If you have any of the above code in functions.php then you may be infected with malicious code.
- Among them, function, add_action, etc. are usually code that belongs to "malicious code" and "preparation activity".
How to remove function.php malicious virus code?
It's also easy to clean up.
Just in the function.php file, find the above code and delete it.
But once infected, all themes in the theme directory will be infected.
So you just know that the currently used theme is invalid, and once cleared, it will be generated very quickly.
After cleaning the theme code, set the functions.php file to 444 permissions and then clean other themes.
Finally, do you need to change the permissions back to the functions.php file,Chen WeiliangIt is recommended that 444 permissions are very secure.
When you want to modify it, it's okay to modify it then.
Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ ) shared "What is the malicious code of WordPress theme?Website Malicious Code Analysis" to help you.
Welcome to share the link of this article:https://www.chenweiliang.com/cwl-1579.html
Welcome to the Telegram channel of Chen Weiliang's blog to get the latest updates!
📚 This guide contains huge value, 🌟This is a rare opportunity, don’t miss it! ⏰⌛💨
Share and like if you like!
Your sharing and likes are our continuous motivation!