This is simple threat scan that looks for things out of place in the directory as well as the database..
It searches PHP files for the occurrence of the function, which.
If you find theme or plugin that uses the function it's safer to delete it and ask the author to provide version that does not use this function..
When you scan your system you undoubtedly see the eval used javascript because it's used in AJAX and JSON functionality.
It just means that you should inspect the code to make sure that it's in javascript section and not native PHP..
Normally, javascript is in the body, but if the script tag is found in title or text field where it does not belong it's because the script is hiding something, such as hidden admin user, so that the administration pages do not show bad records.
After many hours of checking I was able to fix the problem, but professional could have done it faster and easier.
You do not have backup to your blog, so if this scan shows you are clean your next step is to install one of the plugins that does regular backups of your system.
The next step is to install the version of WordPress.
You may want to export your WordPress posts, make new clean installation of WordPress, and then import the old posts..
Read more
Related items:
