---
layout: post
title: Wordpress php eval attacks
categories: [wordpress]
tags: [wordpress]
published: True

---

Sigh. More hacking attempts and seems someone did manage to inject a php eval attack into one of my Wordpress installs.

It's not a silver bullet magic fix, because the database and filesystems can also be compromised, but for those who'd like a quick shell command to clean this type of attack from the PHP files, at least:

    find ./ -name '*.php' -type f -exec sed -i -e '/php eval/ { d; }' {} \;