One of the wordpess site was hacked with a spam link. spam link was porn and pharma link automatically generated in the website. After browsing internet it was bas64_encode added in reverse in the theme functions.php file.

base64_encode code as a reversed string and the strrev() makes it hard to find the two biggest red flags here: base64_encode and eval.


[sc:tcbox ]


[sc:/tcbox ]

After removing the particular php codes everything was solved.