No, this has nothing to do with TinyMCE Advanced. This plugin is not accessible/doesn’t do anything unless the user is an administrator and is logged in.
Unfortunately disabling/removing it won’t clean your site. More info: http://codex.wordpress.org/FAQ_My_site_was_hacked.
Thread Starter
rob2k
(@rob2k)
Thank you for the prompt reply.
You may well be right as I’m no expert, although I am Admin for all the infected sites.
However, after disabling TinyMCE Advanced, and using WP Edit instead, I have yet to see the SPAM link again on any of my WP sites.
Previously it would appear randomly and my users reported it.
I’ve had no reports since I changed to WP Edit.
Thread Starter
rob2k
(@rob2k)
Well, it seemed to work but then it came back intermittently.
Either the sites are just infected now and I’ll have to rebuild from scratch or it’s something else.
I started to suspect Customize Meta Widget as it’s very new version 0.2
So I’ve disabled that and it seems to have worked, again!
Yeah, unfortunately you will need to clean everything properly and “close the door” from where they got in. First step is to contact your hosting company, see if they can restore a known good backup, etc.
