PHP code in functions.php of all wordpress websites on my shared hosting

Question

I have a shared hosting and some wordpress websites on that. Recently sometimes when I visit my websites, popup opens. So I opened template directory of one wordpress website in

Answer 1

I know this answer is very late but I'll share my experience to help any one who has this problem. cause of this issue can be a plugin that you downloaded from outside of wordpress.org or some body has access to your wordpress admin account and you doesn't already close editor.php in appearance tab or hacker has your ftp user and password or ... to solve this create a full backup first and save it in your computer in case of doing any mistake and then:

1. go to theme directory of your wordpress site and delete all of the unused theme because they are infected already.
2. in active theme edit your functions.php file and delete all extra code inserted by malware. you can search for wp_vcd or wp-tmp words to find the code.
3. download latest wordpress installation. then delete wp-include and wp-admin folder and all files in public_html except wp-content folder and .htaccess file and wp-config.php file. after that replace deleted files and folder with downloaded wordpress.
4. remove all plugins that you downloaded from known source.
5. finally change all of your passwords like ftp, admin panel, cpanel or direct admin and ... in case if hacker saved your info somewhere.

hope this little guide can help someone.