Support » Fixing WordPress » My Site Hacked?

  • Resolved jaco223



    I was wondering how one can tell if their blog has been hacked? A friend of mine visited my blog and he uses Webroot a anti-virus/anti-spyware program. It is reporting my site as dangerous ….it’s saying my site is among those known for spam malware and viruses. Bummer!
    Any suggestions, thoughts or advice?


Viewing 10 replies - 1 through 10 (of 10 total)
  • @samuel

    Thanks here’s the link to my site

    I’m not sure if it has been hacked, but if you could take a look that would be great!

    I don’t see any evidence of a hack and my AVG anti virus gives your site a clean bill of health

    ask your friend – or you do it- to submit your site to webroot for re-evaluation


    Great! Thanks so much for your help. I want to add that my “support” experience here a .org has been awesome!



    I followed up on webroot actually a friend made couple of screen shots for me. The first shot indicates something about thickbox.js which is a javascript?

    the second shot say’s there is a problem in the Prose child theme css minified.css

    Can someone have a look at the screenshots and perhaps point me inthe direction I need to go to correct this. I don’t want to have any malicious code or bad links that would warn people off

    I had the same result as Samuel. I didn’t get any suspicious alerts when I visited.

    The thickox.js file is present in a default wordpress installation, in the same path as your warning indicates: /wp-includes/js/thickbox/thickbox.js You can check it to make sure it’s the legit copy if you like, though.

    If you obtained your copy of the prose theme from StudioPress, I highly doubt that there would be anything wrong with the minified.css

    I think you could be dealing with some false positives. Still, it wouldn’t hurt to verify both files.


    Yes I purchased Genesis through studiopress and as a bonus they are offering Prose for free. To be honest I don’t really know what thickbox is. I do know it is out dated when I did a Google search on it. I haven’t made any changes to the Genesis CSS. The only thing I did was to add the code for Google analytics. Which I believe I put in the footer or header. And I added the javascript for Woopra. Both changes seemed to work ok. I didn’t receive any code errors.

    My friend is insisting maybe there is a questionable link in the code somewhere and it’s driving me crazy.
    I wouldn’t make any changes in the code because I don’t know enough CSS to do anything other than adding GA and woopra which I followed the instructions as to where to put the code.
    I appreciate all the help Samuel and you have offered me. I’m a noob having moved from a wp free hosted blog. I like the self hosted because it gives me the opportunity to really learn about the wp platform.

    My friend is insisting maybe there is a questionable link in the code somewhere and it’s driving me crazy.

    The images you presented don’t seem to directly support that theory, but stranger things have happened. However, when checking your site for questionable links, none pop up.

    This site sometimes helps in revealing odd things like that. it didn’t find anything suspicious at the moment.

    …and, Google has not flagged your site;

    ..and the javascript file you referenced ( thickbox.js ) is supposed to be there. That same file exists on all of my WordPress sites. Just because it’s not being maintained on the web doesn’t mean it’s no longer serviceable, or corrupt somehow. The minified.css is, I believe, just a composite of the themes default and user applied style “compressed” or composed, in such a manner as to remove all unnecessary white space from the file. You can verify that by downloading it directly from your browser, saving it to your desktop, and opening it with a good text editor.

    Is there another message or error that Webroot displays that would indicate the issue with the link as your friend suggests? Or has someone experienced an unwanted re-direct or unusual pop-ups that don’t belong on your site? What is it that is making your friend insist that there is a malicious link somewhere? – I’m not saying it isn’t possible – just looking for the evidence, mind you. 🙂

    [edit] I just downloaded thickbox.js and minified.css from your site.

    I did a comparison of your javascript with the same file from one of my sites, and there was no differential. The files were identical. I would not hesitate to say at this point, that there is nothing wrong with that file.

    I also looked inside of minified.css, and I see nothing that indicates anything unusual.


    I want to thank you very much for all the assistance you’ve provided me on this. I greatly appreciate it. I consider this thread resolved. My friend is being overly cautious I think. I suggested as was mentioned perhaps Webroot is turning up a false positive. To answer your questions no one I know has experienced unwanted re-directs, or pop-ups. I think my friend is solely insisting on a malicious link based on Webroot. With the help I’ve received in this thread I’m convinced my site is healthy. Thanks again Clayton and Samuel.
    As an unrelated side note, I’ve not posted any new content since the move from .com, however I’m learning a great deal about the wp software. I relate it to jumping from MS windows to Linux which is such a great learning experience. Not that I was really a big fan of MS, I’ve always been a Mac and Linux person. Cheers!

    You’re welcome. It never hurts to be cautious. Any time you see something like that, it’s always worthwhile to investigate.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘My Site Hacked?’ is closed to new replies.