Title: Malicious Akismet code in header Last modified: August 30, 2016 --- # Malicious Akismet code in header * [Guido](https://wordpress.org/support/users/guido07111975/) * (@guido07111975) * [10 years, 4 months ago](https://wordpress.org/support/topic/malicious-akismet-code-in-header/) * Hi folks, * Every few months I notice websites containing malicious Akismet code in file header.php. For an example of this code check [this](https://wordpress.org/support/topic/akismet-in-header-starbeatde-iframe-internet-explorer-ie) post. * Very frustrating because I do not notice it before Google or hostingprovider blocks the site. * The common factor of all websites is they have one of my themes and one of my plugins installed. And a fallback theme such as Twenty Sixteen. The code is injected in header.php of all installed themes. * So I suspect a theme or plugin is causing this. Unfortunately file-permissions can cause a leak as well (wp-content has often 755 or even 777). * How can I prevent this? * I’m also looking for someone who can take a look at one of my themes and plugin. As far as I know they are completely save, but you never know. Maybe I overlooked something. * Guido Viewing 1 replies (of 1 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [10 years, 4 months ago](https://wordpress.org/support/topic/malicious-akismet-code-in-header/#post-6877292) * The short version is your site is hacked and needs to be deloused. * Please remain calm and carefully follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked). When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress). * A more lengthy list of articles: * [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Additional Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) [http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html](http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html) * > I’m also looking for someone who can take a look at one of my themes and plugin. * That’s not something that’s offered in these forums, please consider [http://jobs.wordpress.net/](http://jobs.wordpress.net/) instead. I’m closing this topic now because there have been (to put it mildly) some people who opportunistically use these forums to harvest contacts and work. * When the moderators find that, that person gets banned permanently. Please give those articles a read and good luck. Viewing 1 replies (of 1 total) The topic ‘Malicious Akismet code in header’ is closed to new replies. ## Tags * [header](https://wordpress.org/support/topic-tag/header/) * [malicious](https://wordpress.org/support/topic-tag/malicious/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 1 reply * 2 participants * Last reply from: [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * Last activity: [10 years, 4 months ago](https://wordpress.org/support/topic/malicious-akismet-code-in-header/#post-6877292) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics