eval and base64_decode found! Is my website hacked?

Please go through these and follow the instructions:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://codex.www.ads-software.com/Hardening_WordPress

It definitely sounds like you were hacked.
Manually editing the infected php scripts several times on my site resulted in them being re-infected within 30 minutes.
I recommend taking full database backups, as well as taking screen shots and making lists of your plugins etc.
Try exporting the posts/pages etc as well – you might need multiple forms of backup to restore.
Be sure to disable all users as well, except Admin, so nobody else can log in.
When you have saved everything, take your site(s) offline, clean up the database (there are posts on how to do this – sorry I don’t have them handy), and try a fresh install from scratch.
Change your passwords too!!!
Good Luck.

@poddys what I found is, those codes are in the default installation files of WordPress 3.4.2.

Just download WordPress and check in those files, you will find eval and base64_decode codes..

Just download WordPress and check in those files, you will find eval and base64_decode codes..

@shekhar,

Did you confirm that the codes are harmful? Sorry, I have not gone through version 3.4.2 and hence cannot give you any opinion on it.

BTW, can you tell us the file/ folder where you found the codes which you found as harmful?

@krishna it is already been proved that eval and base64_decode are in use to hack WordPress. May be you don’t know that…

Besides, Check the files and folders on the screenshot link on my first post.

&

If you like, install Exploit scanner plugin to confirm.

Thnx

had similar issue after updating WordPress 3 days ago have found all index.php files infected with base64_decode, even the two themes supplied with WP where affected. Have had to delete each index.php file in the wordpress core plus all themes. Sites hosted on mediatemple, Also noticed each infected site had a file in the root with list of IP address. file name: 9fec9686a688eb028f2ca1506bc4b9ac

Would welcome any ideas what this exploit is and how best to deal with it.
So far have replaced all instances of index.php plus deleting the above file from the root dir.

It’s a standard reply, but the reading material is still the same. Krishna provided the one link, here’s the rest.

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
https://codex.www.ads-software.com/Hardening_WordPress
https://www.studiopress.com/tips/wordpress-site-security.htm