Reputation: 343
How do I find my Wordpress spam URL injection?
Let me start by saying I am not a highly experienced PHP individual but I am not a novice either.
It has been brought to my attention that my website has had a URL injected on every page with a spam link to an adult site. It is invisible but if you press control+F on any page and search for it, it will show up. Also, if you check the page source you can see where it has been added.
I started by doing the logical things:
1 - I downloaded the entire site locally and using Notepad++ searched through all the files for the url syntax. It returned no hits.
2 - Then I downloaded the entire database (SQL format) and searched it for the syntax as well. However, it too returned no hits.
I would have thought that syntax would show up in one of those two areas but it does not. What do I do now? Where else could this url be hiding and injected from?
Any suggestions would be highly appreciated.
Thanks!
Upvotes: 1
Views: 739
Answers (1)
Reputation: 543
Please check footer.php, functions.php in your wp-content/themes folder, general-template.php in wp-includes folder.
Next time integrate git with Wordpress to check for file changes. Recommended to install Wordfence, jetpack plugins for better security.
Upvotes: 2
Related Questions
- Site has been hacked with popup injection
- Wordpress Website Constantly Injected with index.php Files
- Wordpress - Found malicious PHP code
- How to remove script spam from wordpress website?
- How to find hacked Wordpress pages containing spam
- Suspicious code found in my WordPress site - How to fix?
- Find iframe injection and remove from site
- I was just hacked, but I don't know how or more importantly, why. Very odd code injected
- How to searching in files for signs of a code injection
- Locating source of spam in Joomla