Title: Hack. Malicious code inserted via ad inserter Last modified: February 13, 2019 --- # Hack. Malicious code inserted via ad inserter * Resolved [Niko Popp](https://wordpress.org/support/users/niko-popp/) * (@niko-popp) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/) * Been using ad inserter for a while and like it. Discovered two of my sites had malicious code inserted via the plugin. The problem was recurring until I disabled the plugin. * Is ad inserter not secure? Can I do something to prevent sql injections via ad inserter? Viewing 7 replies - 1 through 7 (of 7 total) * Plugin Author [Spacetime](https://wordpress.org/support/users/spacetime/) * (@spacetime) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11199866) * The plugin is secure. There are no known issues. * However, some tools may report suspicious files. It seems they are all false positives. * The plugin inserts only the codes you configure. You can use debugging functions to diagnose insertions issues: [https://adinserter.pro/documentation/debugging](https://adinserter.pro/documentation/debugging) * Thread Starter [Niko Popp](https://wordpress.org/support/users/niko-popp/) * (@niko-popp) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11201601) * To clarify. No tools are reporting an issue. The bad code gets injected into my ad codes using ad inserter, into widgets and into posts. * Deactivating ad inserter makes the problem go away. When ad inserter is activated, the bad code keeps coming back after it gets cleaned out. * The hackers seems to be using ad inserter to inject code on my site. Not saying the plugin itself is doing it. * Plugin Author [Spacetime](https://wordpress.org/support/users/spacetime/) * (@spacetime) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11201678) * I would say this is very unlikely. But if you suspect this is the case, I suggest to [open a ticket](https://adinserter.pro/contact) in order to investigate the issue. * However, disabling Ad Inserter is not a good indicator of anything as its main task is to insert your (ad) codes which **do insert other codes** on your pages. When you disable the plugin you also disable insertion of your ad codes. * I suggest to use debugging functions to selectively disable ad blocks and other codes to see the difference. This way you can identify the code that causes “ bad code” to be inserted: [https://adinserter.pro/documentation/debugging#back-end](https://adinserter.pro/documentation/debugging#back-end) * [poddys](https://wordpress.org/support/users/poddys/) * (@poddys) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11211792) * Several years ago I tried using ads from a couple of other companies instead of Google Adsense. I ended up with ads that had hacking code in them. You might find it’s the ads that have the code in them, not ad inserter itself. * Plugin Author [Spacetime](https://wordpress.org/support/users/spacetime/) * (@spacetime) * [7 years, 3 months ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11212630) * Thanks for the update. * [ralley112](https://wordpress.org/support/users/ralley112/) * (@ralley112) * [7 years, 1 month ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11399984) * Hello, * I am having the same problem on a few of my sites, there are ads on the top header and on the footer, which I have never inserted * Plugin Author [Spacetime](https://wordpress.org/support/users/spacetime/) * (@spacetime) * [7 years, 1 month ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11400180) * Hello [@ralley112](https://wordpress.org/support/users/ralley112/) * Please be assured taht the plugin inserts only the codes you configure. * You are probably using code for AdSense Auto ads: [https://adinserter.pro/documentation/adsense-ads#auto-ads](https://adinserter.pro/documentation/adsense-ads#auto-ads) * AdSense Auto ads (known also as AdSense Page Level Ads) is a code that you insert on every page once and it will automatically display AdSense ads on positions chosen by the code. * You can use debugging functions to diagnose insertions issues: [https://adinserter.pro/documentation/debugging](https://adinserter.pro/documentation/debugging) * If you post page address and enable remote debugging we can check your site: [https://wordpress.org/support/topic/ad-inserter-support-before-you-ask-for-help/](https://wordpress.org/support/topic/ad-inserter-support-before-you-ask-for-help/) Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Hack. Malicious code inserted via ad inserter’ is closed to new replies. * ![](https://ps.w.org/ad-inserter/assets/icon-256x256.jpg?rev=1502039) * [Ad Inserter - Ad Manager & AdSense Ads](https://wordpress.org/plugins/ad-inserter/) * [Frequently Asked Questions](https://wordpress.org/plugins/ad-inserter/#faq) * [Support Threads](https://wordpress.org/support/plugin/ad-inserter/) * [Active Topics](https://wordpress.org/support/plugin/ad-inserter/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ad-inserter/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ad-inserter/reviews/) * 7 replies * 4 participants * Last reply from: [Spacetime](https://wordpress.org/support/users/spacetime/) * Last activity: [7 years, 1 month ago](https://wordpress.org/support/topic/hack-malicious-code-inserted-via-ad-inserter/#post-11400180) * Status: resolved