Parse error: syntax error, unexpected '/' on line 12 .php

Line 12 is calling /wp-load.php, so it’s something in that file.

Probably best to try downloading WordPress again and delete then replace your copies of everything except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings. Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.

So I need to delete everything in the root directory except the wp-config.php and the /wp-content? folder, but couldn’t those files include malicious code from the initial hack as well?

Will the core file restore alter the look and feel of the website once completed?

Is there also a way to prevent this from occurring in the future?

I appreciate the help on this.

If you still haven’t cleaned up the original hack, carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

Hey.

I just came across the same syntax error.

Parse error: syntax error, unexpected ‘/’ in /home/cyprianf/public_html/wp-blog-header.php on line 12

https://www.cyprianfrancis.com

Looking for a solution, but want to address this to the public in case it might be a specific plugin causing it.

Are you by chance on Hostgator?

Don’t try to “fix” files like this. Just get the original copy from here and replace the file with the known good one.

https://www.ads-software.com/download/

For reference, this line is incorrect:

require_once( dirname(__FILE__) . /wp-load.php );

Do you notice why? If not, then you’re not qualified to try to fix it. Just download an original ZIP file of WordPress, and replace all the WordPress files with the good copies.

Hey, so I just fixed this error by going into to the wordpress backend and reinstalling the most recent version of wordpress. Worked like a charm.

Good luck!

Thanks for the help, All!

Back online for now, and at least know where to start should this happen again.

Time to back-up and change credentials!

Truly appreciate the insight.

Thanks for sharing your solution!

Updated to version 4.3, issue resolved.

Thanks for the advice.

I spent last night cleaning up 3 sites with this exact problem.

On one site, the wp-blog-header.php had “visitortracker” code appended. That led me to search through various files where I discovered lots of visitortracker code in JS files throughout all 3 sites. Most were JS files in plugins, but some were buried in wp-includes/Simplepie and wp-includes/Text/Diff

I initially found some of them by noticing the recent date changes that did not match other files in the same folder. There were also added files that did not match my backups.

So I changed all passwords, new salt keys, reinstalled fresh WP 4.3 (4.3 was already installed but I wanted to make sure I had all new files), reinstalled all plugins (using sucuri’s plugin), then added iThemes Security.

I hope it’s not a WP 4.3 issue. I assume it was a vulnerability in either a plugin that had not been updated on time, or maybe something with the server (HostGator). We’re contacting them too.

You may want to implement some (if not all) of the recommended security measures.

I had the same issue with 2 of my own sites (on HostGator) 2 days ago and this morning one of my clients (also HostGator) reported the same issue.

By comparing to other sites that are working, I figured out the problem was missing single quotes in these lines of code in wp-blog-header.php
______________
require_once( dirname(__FILE__) . /wp-load.php );

wp();

require_once( ABSPATH . WPINC . /template-loader.php );
_______________
I corrected the code by adding back those single quotes to look like this, and the sites came back up.
_________________
require_once( dirname(__FILE__) . ‘/wp-load.php’ );

wp();

require_once( ABSPATH . WPINC . ‘/template-loader.php’ );
_______________

I would love to know what’s causing this. For my client’s site, she did report that she added a new blog post and then the error showed up when she tried to view the site. Her site is protected by Sitelock, but mine aren’t.

Any clarification on what might be causing this would be most appreciated.

Did it only happen once, or does it continue to happen?

It only happened once on each of the sites. The error hasn’t come back since I repaired the code in wp-blog-header.php

It showed up on 2 of my own sites this past Monday, and on my client’s site a few hours ago.

I logged a ticket with HostGator, but haven’t yet heard back.