Title: Malware Found – Injected Script Last modified: November 7, 2019 --- # Malware Found – Injected Script * [streetlc](https://wordpress.org/support/users/streetlc/) * (@streetlc) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/) * Hello, * My site was hacked. * The website SUCURI.NET found a malware, like this: * My WP Forum is down, and I have problems with displays. * What do now? What is the source of hacking? * Do you have any information about this, perhaps a similar case? * Thank you to those who will give me their time. L. - This topic was modified 6 years, 7 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmalware-found-injected-script%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 9 replies - 1 through 9 (of 9 total) * [abhishek6262](https://wordpress.org/support/users/abhishek6262/) * (@abhishek6262) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12107499) * Hello [@streetlc](https://wordpress.org/support/users/streetlc/), * Hope you’re doing good. The source of hijacking could be many. It could be a plugin, theme or a corrupted WordPress installation. The steps you can take right now is to disable all the plugins and see if that helps you. And if it does then enable them one by one and analyze which plugin is causing it. * Otherwise, make a fresh installation of WordPress and import the data to the new installation. * Additionally, use some security plugins and a CDN with security enabled (CloudFlare is free and also gives security when in attack). I’m linking down some plugins that that might help you to increase the security of the website. * [https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/) [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) [https://wordpress.org/plugins/better-wp-security/](https://wordpress.org/plugins/better-wp-security/) * _[ [Signature moderated](https://wordpress.org/support/guidelines/#do-not-spam)]_ - This reply was modified 6 years, 7 months ago by [abhishek6262](https://wordpress.org/support/users/abhishek6262/). - This reply was modified 6 years, 7 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/). * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12107838) * [@sebot34](https://wordpress.org/support/users/sebot34/) * ‘ve deleted your offer to login to your user’s site. I’m am 100% sure you mean well but please _never ask for credentials on these forums._ * [https://wordpress.org/support/guidelines/#the-bad-stuff](https://wordpress.org/support/guidelines/#the-bad-stuff) * Now for the why: The internet is a wonderful place full of very nice people and a few very bad ones. I’m sure everyone here is very nice however, by giving some ones keys to your house you are trusting they wont steal anything. Likewise the person who takes the keys is now responsible for the house FOREVER. * If something was to go wrong, then you the author may well legally become liable for damages, which they would not normally have been as their software is provided without warranty. * **Please be aware that repeatedly asking for credentials will result in us blocking your account.** * It’s never necessary to do that. Here’s why. * There are many ways to get information you need and accessing the user’s site is not one of them. That’s going too far. - Ask for a link to the [http://pastebin.com/](http://pastebin.com/) log of the user’s web server error log. - Ask the user to create and post a link to their `phpinfo();` output. - Ask the user to install the [Health Check plugin](https://wordpress.org/support/plugin/health-check/) and get the data that way. - Walk the user through [enabling WP_DEBUG and how to log that output to a file and how to share that file.](https://codex.wordpress.org/WP_DEBUG#WP_DEBUG_LOG_and_WP_DEBUG_DISPLAY) - Walk the user through basic troubleshooting steps such and disabling all other plugins, clear their cache and cookies and try again. - Ask the user for the step-by-step on how they can reproduce the problem. * You get the idea. * Volunteer support is not easy. But these forums need to a safe place for all users, experienced or new. Accessing their system that way is a short cut that will get you into real trouble in these forums. - This reply was modified 6 years, 7 months ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/). * Thread Starter [streetlc](https://wordpress.org/support/users/streetlc/) * (@streetlc) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/page/2/#post-12107894) * index.php wp-content/index.php and 444 .js files are infected. * – * **My theme is :** “TheFox”. * – * **My plugins list :** * AffiliateWP AutomateWoo Clicky Analytics Contact Form 7 Custom Category Templates Disable Gutenberg Easy Table of Contents Facebook for WooCommerce GDPR Cookie Consent Google Analytics Dashboard pour WP (GADWP) Hero Menu Loco Translate MC4WP: Mailchimp for WordPres No CAPTCHA reCAPTCHA OneSignal Push Notifications Postman SMTP Quick Page/Post Redirect Plugin Random Banner Simple Author Box SIP Reviews Shortcode for WooCommerce SSL Insecure Content Fixer TheFox Custom Post TinyMCE Advanced UpdraftPlus – Sauvegarde/Restauration WeSecur Security WooCommerce AffiliateWP– WooCommerce Redirect Affiliates WooCommerce Customer/Order CSV Export WooCommerce Give Products WooCommerce Order Status Control WooCommerce PDF Invoices WooCommerce Shortcodes WooCommerce Stripe Gateway Wordfence Security WP 404 Auto Redirect to Similar Post WP Force SSL WP PDF Stamper WP Rocket WP User Avatar wpDiscuz wpForo Yoast SEO Éditeur de page * – * The plugin WEBSECUR allows me to repair the injected files but I dare not use this option, i fear lose my data. What do you think ? - This reply was modified 6 years, 7 months ago by [streetlc](https://wordpress.org/support/users/streetlc/). * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12108627) * _*Raises hands*_ * A few things: don’t post malware samples or links on this site, those get deleted when found. * [@streetlc](https://wordpress.org/support/users/streetlc/) Please remain calm and give this a good read. * [https://wordpress.org/support/article/faq-my-site-was-hacked/](https://wordpress.org/support/article/faq-my-site-was-hacked/) * When you have successfully deloused your site then consider giving this a read too. * [https://wordpress.org/support/article/hardening-wordpress/](https://wordpress.org/support/article/hardening-wordpress/) * I have archived all of the other replies. If you need support then per the forum guidelines please start your own topic. * [https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too](https://wordpress.org/support/forum-user-guide/faq/#i-have-the-same-problem-can-i-just-reply-to-someone-elses-post-with-me-too) * You can do so here. * [https://wordpress.org/support/forum/how-to-and-troubleshooting/#new-post](https://wordpress.org/support/forum/how-to-and-troubleshooting/#new-post) * [JNashHawkins](https://wordpress.org/support/users/jnashhawkins/) * (@jnashhawkins) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12108852) * Carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/). When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/) and [start backing up your site](https://wordpress.org/support/article/wordpress-backups/). * Thread Starter [streetlc](https://wordpress.org/support/users/streetlc/) * (@streetlc) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12108908) * What interests me more than anything now is to know which plugin or update was responsible. * My webmaster is removing malicious code on the site. * But we still do not know the flaw that allowed this injection. * If anyone found, do not hesitate to let us know. * [JNashHawkins](https://wordpress.org/support/users/jnashhawkins/) * (@jnashhawkins) * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12109026) * That probably wasn’t part of any update but resulted from an actual hack though it might have been hidden in something else for a time. * I have seen those kinds of problems sneak in on a nulled theme or plugin. * Follow through with the hardening process and you’ll have gone a long way toward stopping most of these attacks. * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12109100) * Referring to Jan’s post at [https://wordpress.org/support/topic/malware-found-injected-script/#post-12108627](https://wordpress.org/support/topic/malware-found-injected-script/#post-12108627), it’s time to close this topic. * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12109270) * Note: Please don’t report this post. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Malware Found – Injected Script’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 8 replies * 6 participants * Last reply from: [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * Last activity: [6 years, 7 months ago](https://wordpress.org/support/topic/malware-found-injected-script/#post-12109270) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics