Spam link in the header
-
Our website just picked up a “lovely” link to a pharma product under the header: http://www.sophiaskiles.com/ Anyone know how I can get rid of it? Sucuri says my site is fine but.. well we don’t see drugs..
-
Check it with isithacked.com and you will get more details.
I have a similar observation on my site, just instead of pharma products I had new pages linking to betting-the-kentucky-derby-online or blackjack-en-ligne-mac
Let’s hope someone comes to our rescue.
Looks like your theme was hacked. You will need to check the theme files to find the link. I’d imagine it’s probably in the header.php file. I’d also recommend switching themes or having an expert look at the one you’re currently using as it seems to have an exploit somewhere. If you purchased the theme, let the developer know what happened. Unless you are using an old version of WP, in which case I’d update it immediately.
See:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm
BTW, this (Hacks) forum is NOT for hacked sites – it’s for hacking code discussions so moving this thread out to the appropriate forum.
So isithacked.com says I am clean (which we know isn’t true) and there was nothing in any of the theme files.
Anyone else?
Go through all of those resources above. Hacks can be very hard to clean up. There are no quick and easy fixes unless you or your host have a backup of your site from before it was hacked.
Hmmm. Considering where it’s displaying (between the logo and menu) I would think it HAS to be in header.php of your theme. In your header.php file, look for this code:
<body <?php body_class(); ?>>
  <div id="container">
    <header id="main-header" class="clearfix">
      <h1 id="logo">
        <a href="<?php echo esc_url( home_url( '/' ) ); ?>"><?php bloginfo( 'name' ); ?></a>
      </h1>
      <nav id="top-menu">
        <?php wp_nav_menu( array(
          'theme_location' => 'primary-menu',
          'container' => '',
          'fallback_cb' => '',
          'menu_class' => 'nav',
          'echo' => true,
        ) ); ?>
      </nav>
Should be around line 24 of the file. Unless you have altered this theme, your code should match what I have above exactly… if it doesn’t, then it’s definitely been altered by a hacker.
Or you can always just reinstall the original theme that you are using (again providing you haven’t made modifications to the theme files that you need). You can get a fresh copy of your theme here: http://www.elegantthemes.com/gallery/serene/
And just removing that code will not prevent it from happening again – which is very likely to happen if it’s not fully cleaned up and secured.
Very true WPyogi. Highly recommend finding another theme that works for your site.
Why are you assuming that the theme was the cause of the hack? That’s not a good assumption at all.
WPyogi is spot on. The hack code might be found in the header, but the backdoor entry to the site could be anywhere: plugins/theme/compromised login credentials/compromised server. There are only three options available in the case of a hacked site:
1. Work through the resources linked to by WPyogi in comment 4 above
2. Delete and restore all site files to a known clean version pre-hack
3. Seek professional help
Removing one visible piece of hacked code and hoping for the best is not a solution and will likely lead to reinfection, damage to reputation among clients and blacklisting by search engines.
The topic ‘Spam link in the header’ is closed to new replies.
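The replies above suggest comparing header.php with the original theme code and warn that the injected code or a backdoor may sit in other files. The following added example (not code from any poster in the thread) extends that comparison to a whole directory by hashing every file against a fresh copy of the same theme version; the directory layout, file names and spam URL are constructed sample data.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_theme(pristine, live):
    """Classify files of the live theme against a fresh copy of the same version."""
    clean, current = file_hashes(pristine), file_hashes(live)
    return {
        "modified": sorted(f for f in clean if f in current and clean[f] != current[f]),
        "added": sorted(f for f in current if f not in clean),
        "missing": sorted(f for f in clean if f not in current),
    }


def added_lines(pristine, live, rel):
    """Return the lines present in the live file but not in the pristine one."""
    old = (pristine / rel).read_text(errors="replace").splitlines()
    new = (live / rel).read_text(errors="replace").splitlines()
    return [line[2:] for line in difflib.ndiff(old, new) if line.startswith("+ ")]


def build_demo(base):
    """Constructed sample: a clean theme and a copy with an injected link and an extra file."""
    pristine, live = base / "pristine", base / "live"
    clean_header = '<header id="main-header">\n<nav id="top-menu"></nav>\n</header>\n'
    for root in (pristine, live):
        (root / "inc").mkdir(parents=True)
        (root / "header.php").write_text(clean_header)
        (root / "inc" / "functions.php").write_text("<?php // theme functions\n")
    (live / "header.php").write_text(
        clean_header.replace("<nav", '<a href="http://spam.example/">spam</a>\n<nav'))
    (live / "inc" / "cache.php").write_text("<?php // file not shipped with the theme\n")
    return pristine, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        pristine, live = build_demo(Path(tmp))
        report = compare_theme(pristine, live)
        print(report)
        for rel in report["modified"]:
            print(rel, added_lines(pristine, live, rel))
```

The same comparison works for a plugin or the WordPress core directory when pointed at a fresh download of the matching version. It only covers files on disk, so content stored in the database is outside its scope.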