Support » Fixing WordPress » My site is hacked. Code injected. HELP!!!

  • Man I need some help y’all.

    My site is Over the last week or so, I’ve gotten hacked. Originally I found the javascript code gibberish in my footer.php file in my theme. We removed it and changed the permissions to read only.

    Google removed the “this is a malware” message and it was fine for a few days. Next, the google message came back, and the code was found in the header. I removed it, set the permissions to read only on that file. Google rescanned… released the error…. a day later…..

    AGAIN. Now it’s being injected in the header at runtime it seems.
    I’ve checked every file in the theme for anything that could be calling the script for inclusion. NOTHING. I’m totally stumped.

    I’ve got a screen cap of the code that is included in the header (not physically written in the header.php file though..)

    I’m totally stumped. A friend of mine went to the site and said that Kaspersky AV stated that there was a virus on the site… ” Huer:trojan.script.iframer ”

    I could use some help here. I’m up against a wall. If you check the site on firefox, you may not get the google error. Chrome will show it though.

    Anyone run into this?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Chris Olbekson


    Level 12 Bug Squasher & Forum Moderator

    Sorry to hear about your site getting hacked. Could you tell us who your hosting provider is? Have you contacted them yet?

    Try using the codex instructions for removing a hack:

    Also see this article:

    How to Diagnose and Remove the WordPress Pharma Hack

    Thanks for your reply. I’m currently hosting with Dreamhost. Not mentioned it to them, but they have a note on my panel stating that google has noted that this is a malware site.

    Chris Olbekson


    Level 12 Bug Squasher & Forum Moderator

    I would defiantly notify them. They are a WordPress recommended host and should be able to help you get it fixed.

    Is there any further update on how to prevent the so-called “pharma hack” from coming back and injecting viagra and other pharma content in your wordpress powered site?

    I have already read the pearsonified blog and he also says that he has no idea how they got in in the first place and how to prevent it for sure from happening again.

    Moderator James Huff


    Volunteer Moderator 🚀

    First, try some (if not all) of the recommended security measures. Then, make sure that you have set the permissions of all files to 644 and directories to 755.

    Unfortunately, nothing can really help if you’re on an insecure shared server. Under the (unfortunately) common setup, the attacker only needs to compromise one account on the server to affect all of them.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘My site is hacked. Code injected. HELP!!!’ is closed to new replies.