How to remove Malicious code injected in wordpress website?

Hallo,

I have come across to know that someone might hacked my website and has put malicious code with javascript backlink. I am not able to find that scripting code in actual code files. I feel the site has been hacked and I am not able to find the code physically so just do not understand how to remove that code.

The code is as below:


Website A :
<div id="http://www.acai-berry-pure-max.de">http://www.acai-berry-pure-max.de </a> </div> <script type="text/javascript">document.getElementById("1d845e".split("").reverse().join("")).style.display = "none"</script><div id="container">

Website B :

<div class="menu-home-container"><div id="2c128728"><a href="http://www.pure-acai-berry-max.de/acai-berry-pure-max/">http://www.pure-acai-berry-max.de/acai-berry-pure-max/</a> </div> <script type="text/javascript">document.getElementById("827821c2".split("").reverse().join("")).style.display = "none"</script>


My Website has been built on wordpress 3.9.1–en_US

Please reply the solution. Thank You.

 

Also this spam-code can be found in the DB.
There will be backdoors/webshells for sure. If you just clean your theme then your site will be reinfected soon. You need to eliminate the reason: some vulnerability, outdated WP or it's plugins and remove backdoors.
If you have enough tech skills we can assits you. If you want quick solution - it will cost some money.

 

Hopefully you have backups, restoring, at the very least, your theme is going to be the first step. For a "quick fix" you should just restore a backup from a time before the code was injected into your site.

First, once your site is back up, UPDATE ALL THE THINGS. Wordpress, plugins, etc. If there's an update for your theme, update that as well.

Then, change ALL of your passwords on the website/host. This includes the MySQL database password that wordpress uses to connect to the database, the login/password to your control panel/hosting account, etc.

This still doesn't mean you're secure, though. That code was injected somehow, and it's entirely possible other things were done as well. Backdoors, "rootkits", etc. may have been installed.

Is your website on shared hosting, or a VPS/dedicated server? Your hosting provider may be able to assist you as well.

 

Sorry i'am late to update the situation. as @sarahk suggestion, i'am updating wp theme, @evuln.com give clue to check plugin and sure too many code in there, hide as jpg file and many thank to @DaiTengu for completed info. Now i'am on stage to asking for hosting provider assistant. Thank You guys

 

I've had same issue with my blog as well. I landed here while search for solution. Changing themes didn't worked.

I finally found what's the reason behind this. This malicious code is injected through a plugin know as Google XML Sitemap for images created by Amit. Here is the link http://wordpress.org/plugins/google-image-sitemap/

After removing this plugin the malicious code is no more.