WordPress. Wordfence finds spy code in the child theme?

In general, the Wordfence plugin found this:
Filename: wp-content/themes/twentyfourteen_child/functions.php
File Type: Not a core, theme or plugin file from wordpress.org.
Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: function php_execute($html){\x0aif(strpos($html,"<"."?php")!==false){\x0aob_start();\x0aeval("?".">".$html);\x0a$html=ob_get_contents();\x0aob_end_clean();\x0a}\x0areturn $html;\x0a}\x0aadd_filter('widget_text','php_execute',10...

The issue type is: Backdoor:PHP/evalfunction.6810
Description: Backdoor code to execute malicious commands

It caught it in this code:
function php_execute($html){
    // If the widget text contains a PHP open tag, run it and capture the output.
    if(strpos($html,"<"."?php")!==false){
        ob_start();
        eval("?".">".$html);
        $html=ob_get_contents();
        ob_end_clean();
    }
    return $html;
}
add_filter('widget_text','php_execute',100);


Here is the complaint about this code in the child theme.

This code had been there for six months before, and nothing came up in the scan. This function shows the latest comments. That is, it adds a widget that shows recent comments. And removes the widget title page. I can't remember where I found this code. In some article.

What would you recommend? Wordfence insists on removing the whole functions.php file. But out of curiosity I just removed the code above. After that, it calms down.

What should I do: look for other functions to display the latest comments, or is a plugin better? I believe the code via the child theme is better. What do you say? Or keep ignoring Wordfence? Please write.
April 4th 20 at 00:42
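As an added example (mine, not from the thread or from Wordfence), a small Python check in the spirit of the finding reported above: it joins split string literals such as "<"."?php" back together, finds callbacks registered with add_filter() on content hooks like widget_text, and flags those whose body calls eval(). The sample functions.php text is constructed from the snippet in the question; the set of hooks treated as content filters is my choice.

```python
import re
# Constructed sample functions.php: the snippet quoted in the question above.
SAMPLE_FUNCTIONS_PHP = r'''<?php
function php_execute($html){
if(strpos($html,"<"."?php")!==false){
ob_start();
eval("?".">".$html);
$html=ob_get_contents();
ob_end_clean();
}
return $html;
}
add_filter('widget_text','php_execute',100);
'''
# Hooks whose input is editable in the admin panel by any role allowed to edit widgets or posts.
CONTENT_FILTERS = {"widget_text", "widget_text_content", "the_content", "the_excerpt"}
DANGEROUS_CALL = re.compile(r'\b(eval|assert|create_function)\s*\(')

def normalize(src):
    """Join split string literals, so "<"."?php" and "?".">" read as the markers they build."""
    pattern = re.compile(r'''(["'])([^"'\\]*)\1\s*\.\s*(["'])([^"'\\]*)\3''')
    previous = None
    while previous != src:  # repeat until no adjacent literals remain
        previous = src
        src = pattern.sub(lambda m: '"' + m.group(2) + m.group(4) + '"', src)
    return src
def registered_callbacks(src):
    """Map each add_filter() hook name to the callback names registered on it."""
    hooks = {}
    for m in re.finditer(r'''add_filter\(\s*['"](\w+)['"]\s*,\s*['"](\w+)['"]''', src):
        hooks.setdefault(m.group(1), []).append(m.group(2))
    return hooks
def function_body(src, name):
    """Return the brace-delimited body of a named function, or None if it is not defined."""
    m = re.search(r'function\s+' + re.escape(name) + r'\s*\([^)]*\)\s*\{', src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:  # walk to the matching closing brace
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def scan(src):
    """List (hook, callback, call) for content-filter callbacks whose body calls eval & co."""
    src = normalize(src)
    return [(hook, cb, d.group(1))
            for hook, callbacks in registered_callbacks(src).items() if hook in CONTENT_FILTERS
            for cb in callbacks
            for d in DANGEROUS_CALL.finditer(function_body(src, cb) or '')]
```

Run scan() over each theme and plugin file; a hit means admin-editable content is being passed to eval, which is exactly what the scanner above objected to.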
1 answer
April 4th 20 at 00:44
The antivirus plugin is right to complain. You shouldn't follow bad practices and try to embed PHP code in a widget. The correct approach: create a shortcode and place the entire logic of your comments in it. Then an attacker who has gained access to the site admin can't do anything serious in it.
Sorry, how is it "nothing serious to do" in the admin?
There are themes, plugins and whatnot there. - Evelyn_Wisozk commented on April 4th 20 at 00:47
@Eldridge.Gaylord, the admin panel doesn't give access to everything. WordPress out of the box has as many as 5 user roles with different rights, plus there is the ability to disable editing and updating through the admin panel. When code runs directly in a widget, any role that has rights to edit widgets will be able to hack the site. - althea_Altenwerth48 commented on April 4th 20 at 00:50
The correct approach: to create a shortcode and place the entire logic of Your comments.
How do I create a shortcode? I'm not really into PHP. Can you tell me more about this?

Can you provide a link to an article that says how to create it, and how to configure the comments? - bernie commented on April 4th 20 at 00:53
@Wilber.Doyle64, in the evening, with a laptop, I'll send a specific example - althea_Altenwerth48 commented on April 4th 20 at 00:56
@Britney63, OK, thank you! Wait. - bernie commented on April 4th 20 at 00:59
@Wilber.Doyle64, send your comments code in PHP, so that the example is specific - althea_Altenwerth48 commented on April 4th 20 at 01:02
@Britney63, I have the standard comments. From WordPress. I didn't change anything. Where should I look for their functions?
The usual "Add comment" box. Well, there's also the Akismet anti-spam filter. It just filters out bots. - bernie commented on April 4th 20 at 01:05
Shortcode example from a real project:

add_shortcode( 'ha_woo_stock_label', function () {
    $product = wc_get_product();
    if ( ! $product ) {
        return ''; // not in a product context, nothing to show
    }
    ob_start();
    if ( $product->is_in_stock() ) {
        echo '<div class="ha-ha stock-stock--in-stock">In Stock</div>';
    } else {
        echo '<div class="ha-ha stock-stock--out-of-stock">Out of Stock</div>';
    }
    $output = ob_get_clean();

    return $output;
} );


Insert your PHP code there and display it anywhere in the content: [ha_woo_stock_label] - althea_Altenwerth48 commented on April 4th 20 at 01:08
@Wilber.Doyle64, well, you insert the PHP code somewhere? In one of the widgets. Send that code. I'll make a shortcode. - althea_Altenwerth48 commented on April 4th 20 at 01:11
@Britney63, in a child theme, in functions.php

And what will this code do? Explain. I need recent comments to be displayed in the widget in the right sidebar. With avatars.
Can you spell it out? What needs to be done, and where to insert it. Because this code alone says nothing.

I don't output anything in the content (only the logo was added extra). The widgets are the same, it should be different. Only through the child theme. - bernie commented on April 4th 20 at 01:14
@Wilber.Doyle64, again:
  1. Your hack in the question allows the use of PHP code in widgets
  2. In one of the widgets in the admin area you entered it
  3. Just post this PHP code (or the contents of the widget in the ADMIN, if that's clearer), and I'll do it on the basis of a shortcode
- althea_Altenwerth48 commented on April 4th 20 at 01:17
@Britney63, I already deleted that code and the widget. Now I'm copying from the article. Can I post a link here or not?

This is what that method did.

Searched for this: "WordPress Recent comments with avatars without a plugin." That's it. That's what the article is called. I couldn't post the link here.

And it says that you need to insert this code into the functions.php file:

function php_execute($html){
    // If the widget text contains a PHP open tag, run it and capture the output.
    if(strpos($html,"<"."?php")!==false){
        ob_start();
        eval("?".">".$html);
        $html=ob_get_contents();
        ob_end_clean();
    }
    return $html;
}
add_filter('widget_text','php_execute',100);


Then save the file, log in to your admin panel, go to Appearance – Widgets and add the "Text" widget. In the input field write some PHP code, save it, and check the result. To check, you can use the code below; this code displays all categories of the site.

For recent comments, this code was prescribed:

Go to the admin panel at Appearance – Widgets. Add a Text widget and in the entry field insert the code:
<?php $comments = get_comments('status=approve&number=5'); ?>
<ul class="widgcomm">
<?php foreach ($comments as $comment) { ?>
    <li class="comcont"><?php
        $title = get_the_title($comment->comment_post_ID);
        echo get_avatar( $comment, 35 );
        // escape user-supplied values (author name, comment text) on output
        echo '<span class="tecom">' . esc_html( $comment->comment_author );
        ?> to post: </span><a class="auth" href="<?php echo esc_url( get_permalink($comment->comment_post_ID) ); ?>"
        rel="external nofollow" title="<?php echo esc_attr( $title ); ?>">
        <?php echo esc_html( $title ); ?> </a>
        "<?php
        echo '<span class="tecom">' . esc_html( wp_html_excerpt( $comment->comment_content, 35 ) ) .
        '</span>'; ?>.."
        <?php $d = "M d, Y";
        $comment_ID = $comment->comment_ID;
        $comment_date = get_comment_date( $d, $comment_ID );
        $comment_PID = $comment->comment_post_ID;
        echo $comment_date; ?>
        <?php echo 'Total comm.: ' . get_comments_number($comment_PID); ?>
    </li>
<?php } ?>
</ul>


But since you said it was malicious, I've now removed it all. - bernie commented on April 4th 20 at 01:20
Put this in functions.php:
add_shortcode( 'toster_latest_comments', function () {
    ob_start();
    $comments = get_comments('status=approve&number=5'); ?>
    <ul class="widgcomm">
    <?php foreach ($comments as $comment) { ?>
        <li class="comcont"><?php
            $title = get_the_title($comment->comment_post_ID);
            echo get_avatar( $comment, 35 );
            // escape user-supplied values (author name, comment text) on output
            echo '<span class="tecom">' . esc_html( $comment->comment_author );
            ?> to post: </span><a class="auth" href="<?php echo esc_url( get_permalink($comment->comment_post_ID) ); ?>"
            rel="external nofollow" title="<?php echo esc_attr( $title ); ?>">
            <?php echo esc_html( $title ); ?> </a>
            "<?php
            echo '<span class="tecom">' . esc_html( wp_html_excerpt( $comment->comment_content, 35 ) ) .
            '</span>'; ?>.."
            <?php $d = "M d, Y";
            $comment_ID = $comment->comment_ID;
            $comment_date = get_comment_date( $d, $comment_ID );
            $comment_PID = $comment->comment_post_ID;
            echo $comment_date; ?>
            <?php echo 'Total comm.: ' . get_comments_number($comment_PID); ?>
        </li>
    <?php } ?>
    </ul>
    <?php
    $output = ob_get_clean();
    return $output;
} );

Then create a Text widget and add this shortcode to it: [toster_latest_comments]. - althea_Altenwerth48 commented on April 4th 20 at 01:23
@Britney63, thank you! It works. Where does this code specify the number of displayed comments?
I need only 5 to be displayed. - bernie commented on April 4th 20 at 01:26
