Title: Will it work on this code? Last modified: August 31, 2016 --- # Will it work on this code? * Resolved [Sherman](https://wordpress.org/support/users/sdye557livecom/) * (@sdye557livecom) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/) * So a couple of weeks ago I was looking over my site and I found this odd javascript code at the bottom of the “contact us” page in my website. I tried looking to see where it was located, but I’ve had no luck so far. Thinking it was just related to that page, I deleted and re-added the page (after disabling and re-enabling my plugins). No luck. * Then the other day I decided to check all the pages, and sure enough, the code appears on all of them. This prompted me to check the footer.php file, but the code isn’t there either. * Here’s the code in question: * ``` /* -1 && (a.length > 28)){s='';j=27+ 1 + a.indexOf("/cdn-cgi/l/email-protection");if (a.length > j) {r=parseInt(a.substr(j,2),16);for(j+=2;a.length>j&&a.substr(j,1)!='X';j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}j+=1;s+=a.substr(j,a.length-j);}t.innerHTML=s.replace(//g,">");l[i].setAttribute("href","mailto:"+t.value);}}catch(e){}}}catch(e){}})(); /* ]]> */ ``` * The result is that when someone plugs information into the form, that information is erased (or sent somewhere else, which is even worse, since it could potentially capture private information), and the user is bumped back to the home page of the site. * So my question is, does this plugin work on code like this, and will it restore my site’s original functionality? I’d rather not download and install the plugin only to find out I’ve wasted my time. * Thanks. * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/) Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/) * (@wfmattr) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091060) * Does your site use CloudFlare? This looks like it might be their email obfuscation option — if you can temporarily pause CloudFlare and check the site again, see if the code is still there. If it’s gone, I think you can turn that feature off in CloudFlare’s site. * If you don’t use CloudFlare and your host doesn’t include it in your hosting package either, then it’s possible it comes from a plugin on the site. * -Matt R * Thread Starter [Sherman](https://wordpress.org/support/users/sdye557livecom/) * (@sdye557livecom) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091080) * I disabled both Jetpack and CloudFlare from the WordPress admin panel, but the code is still there. Any further ideas? I have searched online and even tried( though not successfully) using php to comment the code out, but when I did that, it broke the site completely, so I undid the change. * Thanks in advance for any help or suggestions you might have. * Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/) * (@wfmattr) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091081) * Hi, * For the CloudFlare part, if this is the case, you will need to log into your CloudFlare account and change the settings to turn off the email obfuscation feature (or just “pause” CloudFlare temporarily to test it). * (You can keep the CloudFlare plugin enabled during testing and afterward too.) * -Matt R * Thread Starter [Sherman](https://wordpress.org/support/users/sdye557livecom/) * (@sdye557livecom) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091092) * So I changed the setting yesterday evening, and I’ve been out of the house today, so I haven’t been able to check it out until just now. With the email obfuscation option turned off, the nefarious code still appears at the bottom of the page when I view source code from google chrome. * Thread Starter [Sherman](https://wordpress.org/support/users/sdye557livecom/) * (@sdye557livecom) * [10 years, 1 month ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091093) * Update: So I decided to pause cloudflare completely and the script did go away, so you’re right that it’s from CF. I just have to figure out which setting controls it. * Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/) * (@wfmattr) * [10 years ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091134) * Great, if you haven’t found the CloudFlare email obfuscation option yet, I saw a post that said it is in the “scrape shield” settings. Their support staff might also be able to help determine why it’s affecting other plugins. * -Matt R Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Will it work on this code?’ is closed to new replies. * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865) * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordfence/) * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/) ## Tags * [javascript](https://wordpress.org/support/topic-tag/javascript/) * [site hack](https://wordpress.org/support/topic-tag/site-hack/) * 6 replies * 2 participants * Last reply from: [WFMattR](https://wordpress.org/support/users/wfmattr/) * Last activity: [10 years ago](https://wordpress.org/support/topic/will-it-work-on-this-code/#post-7091134) * Status: resolved