Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
I’m afraid your website has been compromised and you need to start working your way through these resources:
Additional Resources:
Hi Andrew,
Thanks for all the info – I’m working my way through it…
Just out of interest how did you know it was a hack not a dodgy plug-in etc, just so I know for future reference?
Many thanks
Lara
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
When something appears on your site that isn’t part of a plugin, theme, wordpress core, or your hosting providers, then someone has access to the files of your website. By the time the person has added the dodgy link they’ve probably already left a backdoor in so that they can walk straight back into your site even if their dodgy plugin was deleted. I’m not sure how you were hacked though, maybe it wasn’t a dodgy plugin. Your hosting providers should be notified and they may have a look at their server logs to explore any weird activity.
Lara, that would be because many people with your problem appear every day, posting this list of links has become a habit. Unwanted links don’t appear out of thin air, if you didn’t place them, something else did.
You can test for yourself if this isn’t related to a plugin very easily : turn off all your plugins (or one by one but it would consume much more time) and see if that happens again, in a situation where you can be sure you’re reproducing the problem at will.
Same thing with the themes, by reverting to a default theme, it will be also affected if it’s caused by something else than your current theme. It may take a day or two to come back and infest your new theme, though.
I’ve been looking through the Appearance editor, and there appears to be a couple of stange things – I’m not very good on code but style_old.php looks distinctly dodgy for a start. Can anyone help me with a list of what php’s there SHOULD be?
Thanks
Every theme may have its own files, so there’s no telling it like that, Laratlewis. That said, if you didn’t customize your theme, you can safely delete it and reinstall/redownload it.
But, you know, a hacked website can inject code into your template in various ways, not necessarily through adding code to your template itself.
Thanks for all your help everyone. I have done as much of what you suggested as I can and have reported it to my web hosting company. The problem appears to be resolved, I just hope I haven’t left a back door open!
Kind regards
Lara
