How can I remove content injected in my wordpress website?

by joseph102 16 replies
i got message in webmaster "hacked:content injection" . I found content in view source of all pages but i don't know how to find in which file this code exist. Can you help me fix this issue?
#search engine optimization #content #injected #remove #website #wordpress
Avatar of Unregistered
  • Profile picture of the author ruther
    There are Google blog to say that how to this occur & what to do while this happen. Id have a complete guide. So you refer it.
    {{ DiscussionBoard.errors[11073712].message }}
    • Profile picture of the author joseph102
      Mr. I read it tried those thing but issue still not fixed that's why i posted this here.
      {{ DiscussionBoard.errors[11073715].message }}
      • Profile picture of the author mytrafficjourney
        2 quick steps that should help

        Step 1/2: Get rid of the weakest link (Your PC)

        The first step is to make sure that you have removed any viruses and malware on your PC. Not doing so can infect your websites.

        2 Free softwares for this:
        a) Avira Internet Security Suite (Protects & removes viruses from your PC).

        b) Malwarebytes(Removes hidden Malware from your PC).

        Step 2/2: Malware removal and protection.

        Lots of services out there but one I have tested and like is Sucuri including their firewall (do a Google search on them).

        This will help get rid of Malware and protect your sites moving forward.

        Hope that helps.
        {{ DiscussionBoard.errors[11092422].message }}
        • Profile picture of the author MikeFriedman
          Originally Posted by joseph102 View Post

          I have not changed theme or added any new plugin from last 1 year. I am facing this issue from last week. Anyway Thanks for suggestion.
          It doesn't matter when you made the changes. It still could be, and likely is, from one of your plugins or theme. Either an update caused it or a hacker got in through a vulnerability in one of them.

          I would do as Yukon suggested.
          {{ DiscussionBoard.errors[11092586].message }}
  • Profile picture of the author YogeshChhabra
    Your site is hacked and the hacker has put some malicious content on your website.You have to remove that from backend and then for further security change your websites password for that account from which the hacker was uploading content.
    {{ DiscussionBoard.errors[11073713].message }}
  • Profile picture of the author Carloscalvin
    Hiii Joseph.. i think your site content is hacked. please check your website admin panel/cpanel may be hacker added some script code (ajax script) if added just removed it and give time to crawling.
    {{ DiscussionBoard.errors[11073725].message }}
  • Profile picture of the author jibranseo
    if you bought a wordpress theme so yes it is hacked by theme designer or developer
    because now you would be receiving emails for better from some companies.
    just change your layout into html and css
    for that you can buy from themeforest sitetemplates.
    .
    for the last 3 or 4 years i am using html css sitetemplate's theme for my own 4 domains and they are ranking on several keywords.
    {{ DiscussionBoard.errors[11073753].message }}
  • Profile picture of the author Capaly
    You probably did not update your WordPress to the latest version 4.7.2. The update was issued on January 26th.

    WordPress has also acknowledged the issue and published a blog post earlier.
    Read the blog post here: Disclosure of Additional Security Fix in WordPress 4.7.2
    {{ DiscussionBoard.errors[11073798].message }}
  • Profile picture of the author MrJack Mcfreder
    Hi,

    From my experience, most of the injections are done through plugins folder. Access your ftp and within 'wp-content' rename 'plugins' folder to 'plugins-old' and create a new empty folder: plugins

    Now access your webmaster tools and find the extract that contains the injected content. Then access your admin panel and go to plugins page you should see that all plugins are disabled. And now go to your website and check if you can see that injected code.

    If you can still see the injected content, then it's 100% your theme. so all you have to do is to switch to any twenty default themes and compare again. if the injection is gone, then all you have to do is to check your theme files especially: index.php/footer.php/header.php/home.php/single.php/page.php/functions.php

    GL,
    {{ DiscussionBoard.errors[11073980].message }}
  • Profile picture of the author yukon
    Relax, you're not hacked.

    You've added a Wordpress plugin or theme to your site that included malicious code.

    There's a difference between being hacked and self inflicted problems.

    Disable each plugin one at a time until the problem code is removed from the HTML source code on the live webpage. Work through each plugin one by one until you find the problem. Do the same for the theme, switch to the default wordpress theme and see If the problem code is still there or not.
    Signature
    We had the technology.
    {{ DiscussionBoard.errors[11074034].message }}
    • Profile picture of the author joseph102
      I have not changed theme or added any new plugin from last 1 year. I am facing this issue from last week. Anyway Thanks for suggestion.
      {{ DiscussionBoard.errors[11074038].message }}
    • Profile picture of the author joseph102
      Okay i will try this.
      {{ DiscussionBoard.errors[11074044].message }}
  • Profile picture of the author DWaters
    I use the plug in Wordpress Firewall and it appears to block the malicious attacks on a regular basis. I put it on all my sites.

    Also be sure to keep all themes and plugins up to date with the latest versions. Any themes or plugins that you are not using should be removed form your dashboard.
    {{ DiscussionBoard.errors[11074042].message }}
  • Profile picture of the author Chris Gylseth
    The suggestions provided would be the first steps to take to see if it will clean things up for you. There is always a chance your site actually has been hacked. It happened to me once because the computer of one of the people with access to the site had been hacked while he was on a business travel. It was a big mess. I followed every guide out there to remedy the situation. The domain that had been hacked was on an account with several other domains, many of which had been affected through the implant of malware scripts.

    A couple of earlier hacking attempts had been easy to fix, but this one was particularly nasty. I spent hours looking through every file and folder, cleaning up code within otherwise correct files, and removing bad files.

    In the end I was not able to get it all as it required access to the root level of the server and because this was on a shared hosting account the hosting provider would not give me that level of access. If you're on a shared hosting account I would highly recommend that you at least get a dedicated VPN after you have cleaned up the mess.

    Since I was not able to clean everything up myself, the hosting provider suggested I used one of their partner services that deal with cleaning up sites. Both this service and several other services I checked out were quite expensive, so I was happy when I found a service called We Watch Your Website. I checked them out before buying their service and decided to try them out. Their service was fantastic, and they cleaned up everything quicker than most of the other services said it would take to even get started. I don't know how they managed to clean up what I had not access to do, but I do know they took care of the problem, closed all back-doors, and most importantly, I have had no problems since. If taking the steps others here have suggested does not help you, I would encourage you to try them out.

    No, I am not affiliated with them in any way, shape, or form. In fact, I asked if I could become an affiliate, but the owner replied that they wanted to be able to continue to offer a low pricing so he was not interested in having any affiliates. You might think this is crazy, but I respect his honesty and ethics, and his commitment to provide an affordable service. As an example, he once was in final stages of negotiating the sale of his business, but he caught that one of the staff members on the buyer side stated that they couldn't wait to get the deal and to rise the prices. The owner stopped the deal cold right there and then. The world needs more honest business people like this.
    {{ DiscussionBoard.errors[11074184].message }}
  • Profile picture of the author fratt55
    hey there
    the way to fix your issue is
    a..it appears you are hacked but first see if you can still log into the back end of the website with user and password.. if you can then start by disconnecting each page temporarily one by one andsee if you can resolve the issue
    b....if you cannot log into the back end .. then you will have to get to your website service provider to have them access it for you or give you a backup of the site..
    c..if you have an exixting back up you could easily do a quick uninstall and re install.
    there are other ways to do it but these are the 3 easiest way
    good luck
    talk soon...sam f
    {{ DiscussionBoard.errors[11092603].message }}
  • Profile picture of the author Tech Saviours
    Tips for finding SPAM links injected into the content

    I'm working on a client's site and I noticed that posts have a hidden <div> filled to SPAM links to dick pills, etc. Hoping to get lucky, I searched for some of the keywords in the database tables, but found no matches. I also searched the code in all the files, and also found no matches.

    I know that Wordpress hacks can be very tricky to remove, and they go to great lengths to make them hard to find. But perhaps there are some "usual suspects" that I could check, or maybe some tell-tale signs I could look for.
    {{ DiscussionBoard.errors[11092611].message }}

Trending Topics