I'm trying to clean up a small hack on my Wordpress site. It's located at http://www.mydermakare.com. I found the initial spam code in the index.php file and deleted it, but I'm still getting a function session-start error at the top of my page.
Any ideas on where I can find the problem code?
preguntado el 31 de enero de 12 a las 16:01
http://ismyblogworking.com/mydermakare.com shows the results of hack code in your robots.txt file as well as the RSS feed. You're still hacked.
Replace all core WP files and folders, except your theme. That's where the php error is coming from.
Do a complete job of cleaning the hack or it will happen again. See Preguntas frecuentes: mi sitio fue pirateado «WordPress Codex y Cómo limpiar completamente su instalación de wordpress pirateada y Cómo encontrar una puerta trasera en un WordPress pirateado y Endurecimiento de WordPress «Códice de WordPress and tell your host. Change all passswords and scan your own PC. Maybe even find a better, more secure host.
The lines before line 10 are causing the headers to get sent before line 10 can add/change them. Showing us lines 1-10 might help.
EDIT: Yes i think you have been hacked or something http://sucuri.net/malware/malware-entry-mwjs160 At this point i'm going to step a side, bit too complicated for me and i don't want to tell you the wrong thing.
Did you close your php tag in index.php. Is there any extra space. the error shown here is due to session_start() called in quick-contact.php in quick contact plugin. But PHP had outputted something before. Remove any white space before or after the php tags in any of the primary files
I think this is not the problem with index.php. i think you have added some space somewhere in your php files after the tags. Can you check those
Judging from the comments here, your best bet is to probably restore the entire site from a backup. You'll still run into the problem that the vulnerability is still there and likely exploitable still by whoever 'hacked' the site the first time. Finding the particular exploit that was used is fairly far beyond what can be done over a forum like this, but you could probably start by looking at all of your plugins and making sure they're up to date.