1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How to remove Malicious code injected in wordpress website?

Discussion in 'Security' started by Maharani, Jul 18, 2014.

  1. #1

    I have come across to know that someone might hacked my website and has put malicious code with javascript backlink. I am not able to find that scripting code in actual code files. I feel the site has been hacked and I am not able to find the code physically so just do not understand how to remove that code.

    The code is as below:

    Website A :
    <div id="http://www.acai-berry-pure-max.de">http://www.acai-berry-pure-max.de </a> </div> <script type="text/javascript">document.getElementById("1d845e".split("").reverse().join("")).style.display = "none"</script><div id="container">

    Website B :

    <div class="menu-home-container"><div id="2c128728"><a href="http://www.pure-acai-berry-max.de/acai-berry-pure-max/">http://www.pure-acai-berry-max.de/acai-berry-pure-max/</a> </div> <script type="text/javascript">document.getElementById("827821c2".split("").reverse().join("")).style.display = "none"</script>

    My Website has been built on wordpress 3.9.1–en_US

    Please reply the solution. Thank You.
    Solved! View solution.
    Maharani, Jul 18, 2014 IP
  2. #2
    The hack is usually through the theme so delete the theme and reupload it from your backups. If it's still there let us know and we'll get on with plan b
    sarahk, Jul 18, 2014 IP
  3. evuln.com

    evuln.com Greenhorn

    Likes Received:
    Best Answers:
    Trophy Points:
    Also this spam-code can be found in the DB.
    There will be backdoors/webshells for sure. If you just clean your theme then your site will be reinfected soon. You need to eliminate the reason: some vulnerability, outdated WP or it's plugins and remove backdoors.
    If you have enough tech skills we can assits you. If you want quick solution - it will cost some money.
    evuln.com, Jul 19, 2014 IP
  4. DaiTengu

    DaiTengu Active Member

    Likes Received:
    Best Answers:
    Trophy Points:
    Hopefully you have backups, restoring, at the very least, your theme is going to be the first step. For a "quick fix" you should just restore a backup from a time before the code was injected into your site.

    First, once your site is back up, UPDATE ALL THE THINGS. Wordpress, plugins, etc. If there's an update for your theme, update that as well.

    Then, change ALL of your passwords on the website/host. This includes the MySQL database password that wordpress uses to connect to the database, the login/password to your control panel/hosting account, etc.

    This still doesn't mean you're secure, though. That code was injected somehow, and it's entirely possible other things were done as well. Backdoors, "rootkits", etc. may have been installed.

    Is your website on shared hosting, or a VPS/dedicated server? Your hosting provider may be able to assist you as well.
    DaiTengu, Jul 20, 2014 IP
  5. Maharani

    Maharani Member

    Likes Received:
    Best Answers:
    Trophy Points:
    Sorry i'am late to update the situation. as @sarahk suggestion, i'am updating wp theme, @evuln.com give clue to check plugin and sure too many code in there, hide as jpg file and many thank to @DaiTengu for completed info. Now i'am on stage to asking for hosting provider assistant. Thank You guys :)
    Maharani, Jul 20, 2014 IP
  6. ammarweb

    ammarweb Member

    Likes Received:
    Best Answers:
    Trophy Points:
    I've had same issue with my blog as well. I landed here while search for solution. Changing themes didn't worked.

    I finally found what's the reason behind this. This malicious code is injected through a plugin know as Google XML Sitemap for images created by Amit. Here is the link http://wordpress.org/plugins/google-image-sitemap/

    After removing this plugin the malicious code is no more.
    ammarweb, Aug 11, 2014 IP