How To Identify Potential WordPress Hacks
While WordPress is typically a secure and stable platform, it can fall victim to hackers when not maintained, or when poorly developed or outdated plugins are used.
One of the more common methods for hackers to hide the malicious PHP code inserted in to WordPress is to base64 encode the hacked code, and then use base64 decoding and eval() to execute the code at runtime. (If this has already exceeded your level of knowledge in PHP or WordPress, consult a qualified website developer or WordPress expert for assistance.)
Fortunately for WordPress users, base64 code is relatively easy to spot in PHP code, and looks similar to the following:
Since base64 encoding appears as a long string of random alphanumeric characters, it stands out within the PHP code. Typically, this encoding is used by a hacker to embed PHP code within WordPress to output links, redirect users to specific sites, and is worse cases, allow unauthorized access to the WordPress system and database.
While it is possible to manually search your WordPress theme code for base64 code, there are some plugins available that help scan and detect potentially malicious code for you. One of the more popular plugins is BulletProof Security, which is designed to protect a WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
While using a plugin such as this is more effective at securing a WordPress site than relying on manual inspection, it is critically important to review your WordPress theme and WordPress installation on a recurring basis. Understanding how your WordPress site is designed and configured will help you to more readily identity situations in which the site is not functioning normally. It will also become easier for you to spot changes in code structure that may indicate that malicious code has been injected in to the WordPress theme.