Paste your text to the left and click on `Encode` to get the base64 Encoded string to the right
Paste your base64 Encoded string to the left and click on `Decode` to get the original text
Press Clear to reset everything
Everything happens instantly, feel free to contact us in case of any problem
WordPress can fall victim to hackers when not maintained, or when poorly developed or outdated plugins are used even though it is typically considered to be a secure and stable platform
A common methods for hackers to hide the malicious PHP code in WordPress is to base64 encode the hacked code, and then use base64 decoding and eval() to execute the code at runtime.
Fortunately base64 code is easy to spot in PHP code, and looks similar to the following: Since base64 encoding appears as a long string of random alphanumeric characters, it stands out within the PHP code. Typically, this encoding is used by a hacker to embed PHP code within WordPress to output links, redirect users to specific sites, and is worse cases, allow unauthorized access to the WordPress system and database.
While using a plugin to detect base64 injections in your code can be more effective at securing a WordPress site than relying on manual inspection, it is critically important to use an updated plugin.
Understanding how your WordPress site is designed and configured will help you to more readily identify situations in which the site is not functioning normally. It will also become easier for you to spot changes in code structure that may indicate that malicious code has been injected in to the WordPress theme.
Whenever you spot base64 encoded strings in your site, decode it using our tool to detect what it does.