Could you please post your website URL for inspection?
I have had the same thing happen to one of my sites that I run for a volunteer organization
http://scqaa.com – only in chrome, under the banner just above the menu I have a link (spam) for pharmaceuticals. I do not see this ad show up in IE or FireFox – but I have to say I don’t use this particular theme, I use Essence theme for the site. But thought I would post this here to make sure the info was shared to broaden the scope from just a single theme.
I am trying to look into my plug ins that I may have updated in the last couple of days that caused the issue
@scqaa-webmaster
You are not using Travelify theme.
But I see that this code is placed right before closing header tag. Make sure to open header.php file and check if you can see that link there. If it is not there then your website has some injection that outputs this code with wp_head which means that your website might be hacked.
Yep – I did admit I’m not using that theme, just wanted to share it wasn’t directly related to your theme but something broader. π
Thanks for the tips. appreciate it
Ok, my bad.
Make sure to check header.php file if there is not anything suspicious. If you can’t find anything you can copy/paste all content in Pastebin and share URL here, so I can see everything myself.
Last intrusion here – but hopefully this will help.
I found I had an old plug in activated that has since be superseded by functionality in Jetpack
Customize Admin Version 1.6.6 | By Johan van der Wijk
Last update was over a year ago and it seems (for me at least) this was the culprit – Hopefully this may help the original poster
Hi there, sure my website is at http://www.kidfreetravel.com
Of course when I go to it now I don’t see it but I saw the spam text this morning and over the past couple of weeks.
Thanks for looking into it!
~Laquel
@kidfreetravel
Could you please post everything that you have in header.php file and header-extensions.php file (you can find it in theme folder – library – strucutre) on Pastebit and share link here, so I can see if nothing suspicions is going on.
But is is also very likely that this link is hooked to some function or otherwise added here.
In the header.php:
<?php
/**
* Displays the header section of the theme.
*
*/
?>
<!DOCTYPE html>
<html <?php language_attributes(); ?>>
<head>
<?php
/**
* travelify_title hook
*
* HOOKED_FUNCTION_NAME PRIORITY
*
* travelify_add_meta 5
* travelify_show_title 10
*
*/
do_action( ‘travelify_title’ );
/**
* travelify_meta hook
*/
do_action( ‘travelify_meta’ );
/**
* travelify_links hook
*
* HOOKED_FUNCTION_NAME PRIORITY
*
* travelify_add_links 10
* travelify_favicon 15
* travelify_webpageicon 20
*
*/
do_action( ‘travelify_links’ );
/**
* This hook is important for wordpress plugins and other many things
*/
wp_head();
?>
</head>
<body <?php body_class(); ?>>
<?php
/**
* travelify_before hook
*/
do_action( ‘travelify_before’ );
?>
<div class=”wrapper”>
<?php
/**
* travelify_before_header hook
*/
do_action( ‘travelify_before_header’ );
?>
<header id=”branding” >
<?php
/**
* travelify_header hook
*
* HOOKED_FUNCTION_NAME PRIORITY
*
* travelify_headerdetails 10
*/
do_action( ‘travelify_header’ );
?>
</header>
<?php
/**
* travelify_after_header hook
*/
do_action( ‘travelify_after_header’ );
?>
<?php
/**
* travelify_before_main hook
*/
do_action( ‘travelify_before_main’ );
?>
<div id=”main” class=”container clearfix”>
The above was pulled from wordpress but I’ll log into my host to see if I can get the header-extensions.php. Thanks!
Nothing suspicious with this one. Now post content from header-extensions.php file. But please, please use Pastebin or otherwise you will be kicked out from WordPress.org by moderators.
Hi there,
Thanks for checking the above. I finally figured out how to get to the header extension file and use pastebin π
here is the link: http://pastebin.com/EWLb9DR1
@kidfreetravel
And the bad news are that this file is not infected as well and code is generated from somewhere else. π
Here are things you can do:
1. Ask your hosting provider to scan your website for malware.
2. Hire someone to get through your website. You can find someone from oDesk, Freelancer.com or here: http://jobs.wordpress.net/
3. Try to temporarily switch to another theme such as WordPress default theme – Twenty Fifteen but this most likely are not going to resolve this issue and malicious code is somewhere else entirely.
4. You can also send me a message via contact form and I might try to help but I will need full access to your website as otherwise I can’t help.
Personally I would start by contacting your hosting provider and ask to scan your website.
Ahh…not good. Thanks so much for looking into this for me, I really appreciate it. I was wondering how this was happening and couldn’t figure it out. I’ll start with my hosting company and see if they can figure out what is going on. Thanks so much and I’ll touch back with you if I need additional help.
~Laquel
Also you might want try to disable all plugins to see if it injection is done vis plugin
