Support » Fixing WordPress » I have been hacked. The problem is coming through admin-header.php

  • Hi, I found recently on my site a virus that was redirecting to something like: or something like that. I found that a script was injected into some of the index files. I removed the script and everything was fine.
    A few days ago I found that when I want to post a new post I see the same address that redirects for a seconds. I have installed Avast and reloaded the page. It alert me for a virus in:


    JS: Illredir-Z[Trj]

    I have download a new fresh copy of wordpress and installed it – the problem has left.

    So I have opened /wp-admin/post-new.php file and start to test it.

    I found that if a remove


    from the source and reload post new page there is no alert for Trj virus.

    So, next file I try to test was /wp-admin/edit-form-advanced.php.

    I found that when I remove


    from the source there is no alert.

    Finally I try to test /wp-admin/admin-header.php.

    I found the problem comes from:

    if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
    	add_action( <strong>'admin_print_footer_scripts', 'wp_tiny_mce', 25</strong> );

    And especially from the bold line. If I remove one of the strings, the page is loaded without a virus alert.

    Any ideas how to fix that problem?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘I have been hacked. The problem is coming through admin-header.php’ is closed to new replies.