PHP code found in WordPress theme

General PHP Help
#1

I found about 174 lines of code – just letters and numbers – hidden in a blog theme. Since then I check every file in a theme before using it.

Just got a new theme with the following code in footer.php

[php]<?php $_F=__FILE__;$_X='Pz48ZDR2IGNsMXNzPSJGMjJ0NXIiPg0KICA8ZDR2IGNsMXNzPSJGMjJ0NXItNG5uNXIiPiA8MSBocjVmPSI8P3BocCBibDJnNG5mMigncnNzYV8zcmwnKTsgPz4iIGNsMXNzPSJyc3MtdDFnLTRjMm4iIHQ0dGw1PSJSU1MgTjV3cyI+PC8xPg0KDQogICAgPGQ0diBjbDFzcz0iRjIydDVyLXQ1eHQiPg0KICAgICAgPHA+DQogICAgICA8cD48MSBocjVmPSI8P3BocCA1Y2gyIGc1dF8ycHQ0Mm4oJ2gybTUnKTsgPz4vIj48P3BocCBibDJnNG5mMignbjFtNScpOyA/PjwvMT4uIFAydzVyNWQgYnk6IFcycmRwcjVzczxici8+DQogICAgICAgIEluIGMybGwxYjJyMXQ0Mm4gdzR0aDogPDEgaHI1Zj0iaHR0cDovL3d3dy4xbGxwNDVyNWM0cDVzLmMybSI+UDQ1IFI1YzRwNXM8LzE+LCA8MSBocjVmPSJodHRwOi8vZ3I0bGxiYnFyNWM0cDVzLmMybS8iIHQ0dGw1PSJHcjRsbDRuZyBSNWM0cDVzIj5HcjRsbDRuZyBSNWM0cDVzPC8xPi4gRDJ3bmwyMWQgZnIybSA8MSBocjVmPSJodHRwOi8vd3BmcjU1dGg1bTVzLm4xbTUvYzF0NWcycnkvcjVzdDEzcjFudC13cC10aDVtNXMvIiB0NHRsNT0iUjVzdDEzcjFudCBXUCBUaDVtNXMiPlI1c3QxM3IxbnQgV1AgVGg1bTVzPC8xPi4NCiAgICAgIDwvcD4NCg0KICAgIDwvZDR2Pg0KICA8L2Q0dj4NCiAgPGQ0diBjbDFzcz0iRjIydDVyLWIxY2tncjIzbmQiPiA8L2Q0dj4NCjwvZDR2Pg0KPC9kNHY+DQo8L2Q0dj4NCg0KPC9kNHY+DQoNCjxkNHY+DQogIDwvZDR2Pg0KPC9iMmR5PjwvaHRtbD4=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
[/php]

I ran it through several online decoders but nothing came up. So, is this safe code for an ad or dangerous and to be removed?

Thanks

#2

Depends on where you got the theme. If its from themeforest or one of its sister sites, then its probably nothing to be concerned about. its actually 2 different variables and $x looks like a url or maybe a key of sorts, possibly to let the creator know who’s using it. $_F could be a custom class or construct.

Sponsor our Newsletter | Privacy Policy | Terms of Service