Title: Header.php Hack
Last modified: August 30, 2016

---

# Header.php Hack

 *  Resolved [007dutchy](https://wordpress.org/support/users/007dutchy/)
 * (@007dutchy)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/)
 * On all my sites the header.php file is hacked and has this code in there:
 * _[Massive blob of JS redacted, please use a pastebin service]_
 * Tried to remove it from all my sites 2 days ago, changed all my passwords. But
   now it is there again and redirecting all my sites to SPAM sites.
 * What can I do?
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6530922)
 * 007dutchy:
 * You can reinstall your themes to temporarily fix the problem. I do not know of
   a permanent fix yet — if you can tell me a list of the plugins and themes you
   have, it may help track down the source.
 * Are all of your plugins and themes, and WordPress itself, up to date?
 * Also, do you have other sites within your same hosting account? A number of the
   hacked sites we’ve seen recently have had a second (or third) site on their accounts
   that was not up to date.
 *  Thread Starter [007dutchy](https://wordpress.org/support/users/007dutchy/)
 * (@007dutchy)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6530951)
 * I have around 20 sites on my hosting account.. will update all of them today!
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6530985)
 * Ok, let us know how it goes! I just saw your post on the other thread too. If
   you still have trouble after the updates to the 20 sites, feel free to post again.
   I’m marking this one as resolved for now, so we can keep track of posts with 
   new replies (you can mark it as “not resolved” if needed later.)
 *  [deriksx](https://wordpress.org/support/users/deriksx/)
 * (@deriksx)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6531017)
 * Hi,
 * I have the same problem in header.php. A few days ago I deleted the code from
   the header, but now it is back )))
 * Of course I don't have all plugins updated etc., but it's the first time that
   I have seen something like this.
 * I deleted all themes from all websites which I don't use, but ….. I think after
   a few days it will be back ((
 *  [deriksx](https://wordpress.org/support/users/deriksx/)
 * (@deriksx)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6531020)
 * Oh, I just forgot, can this help: "Admin-Ahead Linux Malware Detect Extension
   for Plesk"????
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6531025)
 * deriksx: We have a guide to cleaning a hacked site (see the link below) — I’m
   not sure if the Plesk extension would detect this type of infection or not. If
   you still have trouble after following the cleaning guide, including the high
   sensitivity scan and other options, can you make a new post in this forum, instead
   of replying here, to keep issues separate? Thanks!
 * Here is the guide:
    [How do I clean my hacked site using Wordfence?](http://docs.wordfence.com/en/How_do_I_clean_my_hacked_site_using_Wordfence%3F)
 *  [deriksx](https://wordpress.org/support/users/deriksx/)
 * (@deriksx)
 * [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6531027)
 * Hi,
 * If I understand correctly, the manual helps clean the viruses that I get when
   I install Wordfence??
 * I just saw the manual but didn't read all of it because my English is not very good.
 * Thanks.

The topic ‘Header.php Hack’ is closed to new replies.
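
The replies above advise reinstalling themes and checking every other site on the same hosting account for out-of-date installs. The shell functions below are an added example, not code from the thread or from Wordfence: they list each WordPress install under an account root with its `$wp_version`, list theme `header.php` files modified recently, and compare an installed theme against a clean copy. The function names, the directory layout and the location of the clean theme copy are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Function names and the directory layout are assumptions.

# wp_installs ROOT
# Print "version<TAB>install path" for every WordPress install under ROOT,
# so out-of-date sibling sites on a shared account stand out.
wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null | sort |
    while IFS= read -r vfile; do
        # version.php holds a line such as: $wp_version = '4.3.1';
        ver=$(grep -m1 '^\$wp_version' "$vfile" | cut -d"'" -f2)
        printf '%s\t%s\n' "${ver:-unknown}" "${vfile%/wp-includes/version.php}"
    done
}

# recent_headers ROOT DAYS
# Print theme header.php files under ROOT modified within the last DAYS days.
recent_headers() {
    find "$1" -type f -path '*/wp-content/themes/*/header.php' \
        -mtime "-$2" 2>/dev/null | sort
}

# theme_diff INSTALLED_THEME_DIR CLEAN_THEME_DIR
# Print files in the installed theme that differ from, or do not exist in,
# a freshly downloaded copy of the same theme version.
theme_diff() {
    ( cd "$1" && find . -type f | sort ) |
    while IFS= read -r f; do
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "${f#./}"
    done
}

# Run directly as: ./wp-account-check.sh ACCOUNT_ROOT [DAYS]
if [ -n "${1:-}" ]; then
    echo "== WordPress installs and versions =="
    wp_installs "$1"
    echo "== header.php changed in the last ${2:-3} days =="
    recent_headers "$1" "${2:-3}"
fi
```

A file reported by `theme_diff` that also appears in `recent_headers` is a candidate for replacement from the clean copy, and an install listed with an old version is one to update before cleaning the others again.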

 * 7 replies
 * 3 participants
 * Last reply from: [deriksx](https://wordpress.org/support/users/deriksx/)
 * Last activity: [10 years, 8 months ago](https://wordpress.org/support/topic/headerphp-hack/#post-6531027)
 * Status: resolved