Title: Suspicious script Last modified: January 6, 2020 --- # Suspicious script * [TokoDaring.Com](https://wordpress.org/support/users/wpjakarta/) * (@wpjakarta) * [6 years, 4 months ago](https://wordpress.org/support/topic/suspicious-script/) * Hello, I would like seeking help from wordfence expert about this script. Does it script really suspicious? * [https://postimg.cc/D8Rm1Z50](https://postimg.cc/D8Rm1Z50) * Around 3 days ago before using wordfence, i found that script from awsnap viewer. Just for preventive step i change my theme to twenty-twenty and all become clear. I reinstall my theme so i think i will get new fresh instalation theme folder and look clear. * But now it appear again. Please also guide me how to secure it of it really suspicious. * Really hope your help. Thank you Viewing 2 replies - 1 through 2 (of 2 total) * [wfdave](https://wordpress.org/support/users/wfdave/) * (@wfdave) * [6 years, 4 months ago](https://wordpress.org/support/topic/suspicious-script/#post-12298552) * Hi [@wpjakarta](https://wordpress.org/support/users/wpjakarta/), * It does look strange, but I don’t think any of the script links will even load properly. Some of them begin with `hxxps://, instead of the proper`[https://](https://wordpress.org/support/topic/suspicious-script/?output_format=md)`. * Even if they were using the proper protocol (https), they still wouldn’t be loading in anything malicious. * `https://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ui/datepicker.min.js` is the correct URL for the datepicker JavaScript include. * `http://gmpg.org/xfn/11` is not malicious either. * Dave * Thread Starter [TokoDaring.Com](https://wordpress.org/support/users/wpjakarta/) * (@wpjakarta) * [6 years, 4 months ago](https://wordpress.org/support/topic/suspicious-script/#post-12298851) * hi dave, thank for your reply, then i try to tell you chronologicaly so maybe it can be easier to make conclusion. * (i) i run 2 site which are using different (premium) themes from the same vendor. ( ii) 1st site running without pagebuilder (widget only), 2nd site with pagebuilder.( iii) Setting, plugin installed almost the same. (iv) setting of caching plugin is exactly same. (v) all my two site showing the same strange script like above.( vi) i change the themes of the two site to twenty-twenty. (vii) my 1st site keep running with twenty-twenty until now and still looking good. (viii) but my 2nd i revert it to use previous theme so it have fresh folder instalation. (ix) unfortunately even it have fresh instalation but the strange script like coming back again. * since the caching plugin and the setting is the same so i’m not conclude this is a part of optimization of the site. i more to point problem coming from my theme. * p.s. this is not support question and but i would like to send the complete script `< !DOCTYPE html> < html class="no-js" lang="id-ID"> < head> < meta charset ="UTF-8"> < link data-optimized='2' rel='stylesheet' href='hxxps://my-domain- name.com/min/dc08a.css' /> < link rel='stylesheet' id='wp-block-library-css' href='hxxps://c0.wp.com/c/5.3.2/wp-includes/css/dist/block-library/style.min. css' type='text/css' media='all' /> < link rel='stylesheet' id='wp-block-library- theme-css' href='hxxps://c0.wp.com/c/5.3.2/wp-includes/css/dist/block-library/ theme.min.css' type='text/css' media='all' /> < link rel='stylesheet' id='ap- jquery-ui-style-css' href='//ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/ smoothness/jquery-ui.css' type='text/css' media='all' /> < link rel='stylesheet' id='jetpack_css-css' href='hxxps://c0.wp.com/p/jetpack/8.0/css/jetpack.css' type ='text/css' media='all' /> < sc​ript type='text/javascript' src='hxxps://c0.wp. com/c/5.3.2/wp-includes/js/jquery/jquery.js'> < / sc​ript > < sc​ript data-optimized ='1' src='hxxps://my-domain-name.com/min/08c87.js' defer> < / sc​ript > < sc​ ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ jquery-migrate.min.js' defer data-deferred="1"> < / sc​ript > < sc​ript type=' text/javascript' src="hxxp://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery- ui.min.js' defer data-deferred="1"> < / sc​ript > < sc​ript type='text/javascript' src='hxxps://c0.wp.com/c/5.3.2/wp-includes/js/jquery/ui/core.min.js' defer data- deferred="1"> < / sc​ript > < sc​ript type='text/javascript' src='hxxps://c0. wp.com/c/5.3.2/wp-includes/js/jquery/ui/datepicker.min.js' defer data-deferred ="1"> < / sc​ript > < meta name="viewport" content="width=device-width, initial- scale=1"> < link rel="profile" href="hxxps://gmpg.org/xfn/11">` Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Suspicious script’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) * 2 replies * 2 participants * Last reply from: [TokoDaring.Com](https://wordpress.org/support/users/wpjakarta/) * Last activity: [6 years, 4 months ago](https://wordpress.org/support/topic/suspicious-script/#post-12298851) * Status: not a support question