Moderator
t-p
(@t-p)
I checked your site with Sucuri and it confirms it is infected: https://sitecheck.sucuri.net/results/www.legacyguitarhouse.com
Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
Thanks Tara,
Can we take our site offline until the issue is resolved?
Shaun
Moderator
t-p
(@t-p)
Sure you can. But wordpress.org cannot do it for you, because wordpress.org does not provide hosting services. You may want to discuss the issue with your hosting provider.
In my experience with this infection the malicious code is probably going to be at the very, very bottom of one of these two files:
./wp-content/twentyeleven/footer.php
./wp-content/twentyeleven/index.php
You can remove that malicious script from there and that should clear the Sucuri Sitecheck warning, but the challenge will be determining if the attacker placed any back doors in order to reinfect the site at a later date.
You might want to run a file integrity check as well as a general scan of your files with a security plugin to see if any other malicious scripts are present there.
Dan
(@securitydan)
I just used vURL and went to your website. On your home page (index) on line 342, you have an injected iframe redirecting to an exploit kit hosted on IP (188.166.65.14).
You can delete the iframe to temporarily stop the damage, but in order to completely remove any potential backdoors, you will want to scan the entire site, check for recent changes, verify permissions, change all passwords related to the site, and try to improve your .htaccess page. The two links provided above by Tara and rngdmstr’s advice should help move you in the right direction.
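
Added example, not part of any post in this thread: a read-only Python check for the pattern the replies describe, an iframe appended at the very bottom of a theme file, combined with a list of recently changed files. The function names, the 2 KiB tail window, the extension list and the two sample files (which use a documentation-range IP) are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time

# Captures the src of an <iframe> tag (quoted or unquoted attribute value).
IFRAME_RE = re.compile(rb"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
TAIL_BYTES = 2048  # assumption: appended markup sits in the last 2 KiB
EXTS = (".php", ".html", ".htm", ".js")

def scan_file(path):
    """Return (src, after_html_close) for each iframe in the file's tail."""
    with open(path, "rb") as fh:
        data = fh.read()
    html_end = data.lower().rfind(b"</html>")
    hits = []
    for m in IFRAME_RE.finditer(data, max(0, len(data) - TAIL_BYTES)):
        hits.append((m.group(1).decode("latin-1"), -1 < html_end < m.start()))
    return hits

def scan_tree(root, days=7):
    """Walk root; return ({path: hits}, [paths modified in the last `days` days])."""
    cutoff = time.time() - days * 86400
    findings, recent = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.getmtime(full) >= cutoff:
                recent.append(rel)
            if name.lower().endswith(EXTS):
                hits = scan_file(full)
                if hits:
                    findings[rel] = hits
    return findings, sorted(recent)

def demo():
    """Run the scan on two constructed theme files (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        clean = b"<?php wp_footer(); ?>\n</body>\n</html>\n"
        bad = clean + b'<iframe src="http://203.0.113.7/x" width="1"></iframe>\n'
        for name, body in (("footer.php", clean), ("index.php", bad)):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a copy of the site's files. A hit only locates injected markup near the end of a file; it does not rule out a back door elsewhere, so the recent-changes list still needs a manual review.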