Title: Security breach (JavaScript inserted) Last modified: August 20, 2016 --- # Security breach (JavaScript inserted) * [2biazdk](https://wordpress.org/support/users/2biazdk/) * (@2biazdk) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-breach-javascript-inserted/) * Hi guys, * My client, JudithKrautwald.dk, has now several times experienced some kind of‘ hacking’ of her websites, where a few lines of JavaScript code is inserted on the bottom of some JS-files. _ [ Don’t post malware code here. If you must the use [pastebin.com](http://pastebin.com/) instead. ] * How can I prevent this from happening? Is it due to a plugin with a security breach? * My plugins are: - Admin Bar Removal Akismet BulletProof Security Custom Login Logo Lite Disable WordPress Widgets Google Analytics Google XML Sitemaps Remove posts from wp- admin TinyMCE Advanced Tiny MCE Tabfocus Patch uBillboard * Thanks in advance! * Kind regards, Tobias Viewing 2 replies - 1 through 2 (of 2 total) * [kmessinger](https://wordpress.org/support/users/kmessinger/) * (@kmessinger) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-breach-javascript-inserted/#post-2662797) * Please do not post malware code here. * Notify your host ASAP. * Follow all this information. [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * For checking site. [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) * [LucP](https://wordpress.org/support/users/towonder/) * (@towonder) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-breach-javascript-inserted/#post-2662798) * Is everything up to date? * If so, check your database to see if they added extra users or malicious content. Change the passwords to your FTP server, WordPress installation and database. Remove your admin account and create a new administrator with a lesser obvious name. Make sure your passwords are also ‘strong’. * Check the permissions (the chmod) on your folders. The only folder that might be ‘777’ is wp_content/uploads. Other folders should be 755 or 765. * If you want to be really safe; re-install the core. Choose a different database prefix. * If the problem reoccurs; contact your host. There are a lot of good WordPress- minded hosts out there. A great check to see if your host is a terrible combination with WordPress is to try and update plugins or the core using the admin interface; if WordPress asks for your FTP-settings it’s probably not a great host. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security breach (JavaScript inserted)’ is closed to new replies. ## Tags * [hacking](https://wordpress.org/support/topic-tag/hacking/) * [js](https://wordpress.org/support/topic-tag/js/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 3 participants * Last reply from: [LucP](https://wordpress.org/support/users/towonder/) * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/security-breach-javascript-inserted/#post-2662798) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics