Random code issue (10 posts)

  1. lee.stanley3
    Posted 3 years ago #

    I have a random code issue. for some reason on my pages http://www.hadfieldeducation.com/teaching-jobs-in-leicestershire, http://www.hadfieldeducation.com/nottinghamshire-teaching-jobs and http://www.hadfieldeducation.com/teaching-jobs-lincolnshirethe code is adding in extra code?? I have deactivated plugins and cleared the cache but it still happens. yet on the url http://www.hadfieldeducation.com/derbyshire-teaching-jobs it all works fine??

    Any thoughts or suggestions. I am using wp 3.5 and viewing on win8 I have viewed in chrome, ff and safari (all the same issue).

    Completely baffled?


  2. Odai Athamneh
    Posted 3 years ago #

    Hi Lee,

    This really looks like it's being caused by a bad hook in a plug-in. It could even be that your website has been hacked and had some nefarious plug-in installed (I've heard of that, but never seen it happen).

    Are you sure you tested every plug-in? I looked at the source code for Teaching Jobs in Leicestershire and noticed you're using WordPress File Monitor, which hasn't been updated for 2 years. Could be that.

  3. lee.stanley3
    Posted 3 years ago #

    I have deleted the wordpress file monitor plugin like you say its way out of date. How do you detect a nefarious plugin?

    Yes checked every plugin?

  4. keesiemeijer
    Posted 3 years ago #

    Your theme's is using the UTF-7 character-set to display the page.

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-7"/>

    Try and change the character set to UTF-8 in wp-admin > Settings > "Encoding for pages and feeds".

  5. lee.stanley3
    Posted 3 years ago #

    Changed to UFT-8 and the random symbols on one page has changed but the main pages are still showing this random code.

    There is perhaps a clue or a hint in the fact of the random code (+ADw-h2+AD4-) happens around < symbols in the html or text view?? or the > symbols. Also the radmon code is not consistant it is different every time.

    Is this a code issue or a hacker??

  6. keesiemeijer
    Posted 3 years ago #

    Is this a code issue or a hacker?

    Could be either one.

    First try:
    - flushing any caching plugins you might be running, as well as server and/or browser caches.

    - deactivating all plugins to see if this resolves the problem? If this works, re-activate the plugins one by one until you find the problematic plugin(s).

    - switching to the default theme to rule out any theme-specific problems.

  7. lee.stanley3
    Posted 3 years ago #

    It must be a hacker..

    I have activated twenty eleven and the main domain url redirects to a spanish website. Yet when I then re-activate the theme and child theme I am using it works normally (with the random code still there)

    Also the random code is still there on all the other pages with twenty eleven as it was before.

    Ill contact my host and inform them of this.

    Any suggestions on what to do or how to identify it to clean the site code??

  8. keesiemeijer
    Posted 3 years ago #

    If you didn't put the character set to UTF 7 yourself I think it's a hacker, see for solutions here: http://wordpress.org/support/topic/website-repeatedly-hacked?replies=38


    and the main domain url redirects to a spanish website...

    Yes, I'm sorry but I think your site is hacked.

  9. keesiemeijer
    Posted 3 years ago #

  10. lee.stanley3
    Posted 3 years ago #

    Arh that seems very very similar to mine... Ill have a read through and see if there is anything that I can change remove etc.

    I did initially build the site using twenty ten and did used to use text widgets. I was hacked in August/Sept 2012 but it was just a redirection of the main page. I followed the wordpress codex suggestions and moved on to buy a theme as I felt this would be more secure.

    It is interesting how the domain redirects as twenty eleven and not at the main theme I am using??

    Ill keep people posted on how it goes as this may be helpful to others if this is the problem

    ... and thanks @keesiemeijer for the link ... hopefully this will help.

Topic Closed

This topic has been closed to new replies.

About this Topic