Does Wordfence add any scripts to head?

  • Resolved brightgirl

    (@brightgirl)


    6 years, 2 months ago

    Does the Wordfence plugin add any scripts to the head of each page?

    I have 15 WordPress sites that all have certain scripts appearing in the code for each page, but I can’t tell why these scripts are there, where they came from, or what they are doing. All these sites use different themes and the only plugins that are being used on all 15 are Wordfence and ManageWP’s worker plugin. ManageWP has already verified that their plugin is not adding any scripts. So, is Wordfence?

    The scripts don’t *seem* to be doing anything malicious, but who knows? How can I tell what these are from?

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • mountainguy2

    (@mountainguy2)

    6 years, 2 months ago

    Hi, I’ve used Wordfence for several years on multiple sites, and don’t recall it ever adding anything scripts visible in the page source. I look at this nearly every day. I’m not sure what you mean by “the head,” as that could mean the theme header part of the page source, or the actual HTML head tag defined part of the page source. As for detective work to find what a script is coming from, first step is to pull chunks of code out of it and use google. Or if the script is totally obfuscated, it might be necessary to do something like hiring the Wordfence site cleaning service. MTN

    Thread Starter brightgirl

    (@brightgirl)

    6 years, 2 months ago

    Thank you mountainguy2, that is helpful. I was referring to the actual HTML head tag, sorry for the confusion. After doing some further research, I’ve realized that the scripts are showing up on all the sites (both WordPress and non-Wordpress) that are hosted on a particular server. Also, when I pull down a file (say index.html) via FTP, those scripts are not there, so I think they are getting injected either by the server or my browser. However I’m not seeing it in my browser for any other sites that aren’t on that server, so I’m getting ready to contact my host. Either way, I think I’ve confirmed that it has nothing to do with Wordfence.

    mountainguy2

    (@mountainguy2)

    6 years, 2 months ago

    Absolutely, nothing to do with Wordfence. Best wishes on repairing, that sounds really annoying. Please let us know how you resolve. MTN

    Thread Starter brightgirl

    (@brightgirl)

    6 years, 2 months ago

    Here is my host’s reply:

    “After review with our development team, we have found that this code was added as part of a pilot program to identify how visitors are hitting our network and utilizing our client accounts. The purpose of this program is provide direct analytics into the timing and length of visits on our client accounts to provide a better understanding of network utilization. This code, which runs in apache, in no way impacts the integrity or functionality of your website.”

    Color me unhappy 🙁

    mountainguy2

    (@mountainguy2)

    6 years, 2 months ago

    That is incredibly bad, weird they couldn’t have put in a comment line you could see in your page source, explaining what the heck the junk was. Time for a better web host. When your own host hacks your website, wonderful. MTN

    Thread Starter brightgirl

    (@brightgirl)

    6 years, 2 months ago

    Right?!?! Ah well, at least I know what it is now!

    I have been with this host 10+ years and it was mostly a good run. But the company got sold about a year ago and the problems have been on the increase. Yep, time to look elsewhere.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Does Wordfence add any scripts to head?’ is closed to new replies.