{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Summer. ? 凉城 的问题《All Wordpress files are hacked. How to remove the》','https://www.manongdao.com/q-896164.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
A friend asked me to look up why his WordPress site is not working at all. It turned out it's hacked.
At the beginning of all PHP files an encoded string is injected, something like this:
$zend_framework=" .... "; @error_reporting(0); $zend_framework("", "...
I have checked the version of WordPress at /wp-includes/version.php and it's 3.5.1.
Have you ever experienced something like this? Do you know a solution of how can I fix these files?