To fix you need to change $allowed sites to be an empty array.
e.g. $ALLOWED_SITES = array();
An example of what you may initially find:
$ALLOWED_SITES = array (
If you have been affected then you need to clear out the infection on your server:
Search your wordpress directory for the base64_decode function and make sure you don't have any odd looking long encoded strings anywhere.
wordpress zero day