Moderator
t-p
(@t-p)
According to sitecheck.sucuri.net, it does not look like that your website is compromised.
Try:
– deactivating ALL (yes all) plugins temporarily to see if this resolves the problem (plugin functions can interfere). If this works, re-activate them individually (one-by-one) to find the problematic plugin(s).
– resetting the plugins folder by FTP. Sometimes, an apparently inactive plugin can still cause problems.
– switching to the unedited default Theme (Twenty Sixteen, etc.) for a moment using the WP dashboard to rule out any theme-specific issue.
Thread Starter
alex
(@stroombox)
When switching themes there are no more pop ups. so i guess the theme has the code in it? its strange because the theme originally had no problems up until a few days ago. Is there a way to figure this out without having to start over?
If you can FTP or access the files directly, check to see if any were changed recently. You can also upload a new copy of the theme and replace yours entirely. I would also suggest verifying you have security in place and the latest versions of all plugins, core and themes.
I’m seeing some pretty suspicious javascript and hidden links in the bottom of your source code as it was cached on the 18th.
This is what I see right now on your live site – it’s something to be concerned about.
http://pastebin.com/8438Z9KZ
The class="GMA" that you see in the pastbin code is being hidden by your themes style sheet.
.GMA {
display: none;
}
Bad theme. Potentially dangerous.
Thread Starter
alex
(@stroombox)
Is it something I can just remove?
I’m not going to advise you to try. Your copy of that theme does not appear to match what I would expect to see in the file structure of the commercial/original version.
http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054
http://demo.qodeinteractive.com/bridge/
The nature of the hidden links and questionable scripts in the footer of your copy suggests that if you purchased that theme, you didn’t get the real thing.
I’m not going to advise you to try. Your copy of that theme does not appear to match what I would expect to see in the file structure of the commercial/original version.
Like Clayton said, always best to replace the entire theme. It’s the ONLY way to make sure to get everything that has been edited/injected into your copy.
Just to clarify what I mean: I’m not suggesting that the site was hacked. I’m suggesting that the theme was probably already hacked before it was installed.
On the surface, this particular theme appears to be a possible “bootleg” version of a commercial theme. They are often obtained from less than reputable sources who alter the files and then redistribute or resell the theme without the legal right to do so.
So just to be clear, replacing the entire theme in this case probably won’t solve the problem if you simply replace it with the same files you used to install it.
You will need to purchase the theme, thereby being granted a license that allows you to download and install an unadulterated copy of the theme from an authorized, legitimate source.
