Title: Malicious code in page content Last modified: August 22, 2016 --- # Malicious code in page content * [acrobate67](https://wordpress.org/support/users/acrobate67/) * (@acrobate67) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/) * My site has all-in-one WP security installed with most security options activated. It is still getting hacked! New files are uploaded to my FTP and some PHP files are modified. I reinstalled with a fresh copy of WordPress and checked all wp- content files carefully before re-uploading them. Still getting hacked! * I know theme or plugin vulnerability could be the issue but my question is: is there a way to figure out how it is happening. What is the weak point? Are there any logs I can check or anything? * Thanks! * [https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5327909) * Hi acrobate67 have you spoken to your Host in regards to you being hacked? Did you recover your site from a clean backup? Are you running the latest version of WordPress, plugins and Theme? * Did you sign up to use the Malware Scan options in the plugin? * Regards * Thread Starter [acrobate67](https://wordpress.org/support/users/acrobate67/) * (@acrobate67) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5327977) * I reinstalled from a fresh version downloaded form worpress.org (latest version). So there is no way I could have left any infected files. All plugins and themes are up to date. I did not sign for the Malware Scan. * I am just wondering if there is a way to identify the weak point. Every precaution has been taken but I am still getting hacked. * Thanks * Plugin Contributor [mbrsolution](https://wordpress.org/support/users/mbrsolution/) * (@mbrsolution) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5327994) * If you still being hacked then it might have to do with your Server, as per my request above. Have you being in contact with your Host? * This security plugin does a great job in securing and protecting your website or blog. However you still need to be vigilant with the server settings, plugins and theme. If after you do a complete installation as you mentioned above you are still being hacked then there is some other issue that you need to investigate. * Let me know if what your Host says. * Regards * Plugin Contributor [wpsolutions](https://wordpress.org/support/users/wpsolutions/) * (@wpsolutions) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5328007) * Another way attackers can steal login credentials of your web host system is via your infected computer. eg, a hacker can install a script to harvest FTP passwords from programs such as filezilla and then send those credentials to themselves. * Since your computer is a tool which you regularly use to access your websites, keeping it secure and protected and scanning regularly is something you should do by habit. * [AITpro](https://wordpress.org/support/users/aitpro/) * (@aitpro) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5328057) * And of course there are lots of free FTP password cracker apps available online. If you do not have a secure FTP password then your FTP password can be cracked in seconds. * [mra13](https://wordpress.org/support/users/mra13/) * (@mra13) * [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5328063) * I completely agree with [@aitpro](https://wordpress.org/support/users/aitpro/), FTP password needs to be really really strong otherwise it will get cracked. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Malicious code in page content’ is closed to new replies. * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256. png?rev=2798307) * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/) * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/) * 6 replies * 5 participants * Last reply from: [mra13](https://wordpress.org/support/users/mra13/) * Last activity: [11 years, 7 months ago](https://wordpress.org/support/topic/malicious-code-in-page-content/#post-5328063) * Status: not resolved