Title: willt87's Replies | WordPress.org

---

# willt87

  [  ](https://wordpress.org/support/users/willt87/)

 *   [Profile](https://wordpress.org/support/users/willt87/)
 *   [Topics Started](https://wordpress.org/support/users/willt87/topics/)
 *   [Replies Created](https://wordpress.org/support/users/willt87/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/willt87/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/willt87/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/willt87/engagements/)
 *   [Favorites](https://wordpress.org/support/users/willt87/favorites/)

 Search replies:

## Forum Replies Created

Viewing 10 replies - 1 through 10 (of 10 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Qty Increment Buttons for WooCommerce] Apple Pay not showing when plugin is enabled](https://wordpress.org/support/topic/apple-pay-not-showing-when-plugin-is-enabled/)
 *  Thread Starter [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [6 years ago](https://wordpress.org/support/topic/apple-pay-not-showing-when-plugin-is-enabled/#post-12855136)
 * Hi [@taisho](https://wordpress.org/support/users/taisho/) you probably need a
   device and a card that is registered to Apple Pay to see it.
 * In the end I coded for my functions.php file and added some styling that did 
   the trick.
 * Thank you though.
 * If you don’t need Apple Pay, I thoroughly recommend this plugin.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WP Stripe Checkout] Customer name](https://wordpress.org/support/topic/customer-name/)
 *  Thread Starter [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/customer-name/#post-10750098)
 * Also is there an email address tag that can be included in the payment confirmation
   email? Thanks
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Site hacked – nemonn tag infected with scam description](https://wordpress.org/support/topic/site-hacked-nemonn-tag-infected-with-scam-description/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/site-hacked-nemonn-tag-infected-with-scam-description/#post-3245991)
 * This is what I have found out about “nemonn”
 * Just removing the obfuscated javascript from the header will not work permanently.
 * There will be an additional base64 coded file elsewhere (the backdoor)- and possibly
   more than one. They seem to be located in the core wp-admin directory and are
   randomly named but seem to follow the update-randomname-randomname.php taxonomy.
 * Just updating / reinstalling WordPress from the admin won’t remove this file.
 * Additionally you should follow guidance given elsewhere for changing ALL passwords(
   FTP, database and WordPress admins) and follow instructions for Hardening WordPress.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacked/Malware, need help please](https://wordpress.org/support/topic/hackedmalware-need-help-please/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hackedmalware-need-help-please/#post-3204839)
 * This is what I have found out about “nemonn”
 * Just removing the obfuscated javascript from the header will not work permanently.
 * There will be an additional base64 coded file elsewhere (the backdoor)- and possibly
   more than one. They seem to be located in the core wp-admin directory and are
   randomly named but seem to follow the update-randomname-randomname.php taxonomy.
 * Just updating / reinstalling WordPress from the admin won’t remove this file.
 * Additionally you should follow guidance given elsewhere for changing ALL passwords(
   FTP, database and WordPress admins) and follow instructions for Hardening WordPress.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [A new spam hack – including on wordpress.org](https://wordpress.org/support/topic/a-new-hack-including-wordpressorg/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/a-new-hack-including-wordpressorg/#post-3239168)
 * This is what I have found out about “nemonn”
 * Just removing the obfuscated javascript from the header will not work permanently.
 * There will be an additional base64 coded file elsewhere (the backdoor)- and possibly
   more than one. They seem to be located in the core wp-admin directory and are
   randomly named but seem to follow the update-randomname-randomname.php taxonomy.
 * Just updating / reinstalling WordPress from the admin won’t remove this file.
 * Additionally you should follow guidance given elsewhere for changing ALL passwords(
   FTP, database and WordPress admins) and follow instructions for Hardening WordPress.
 *   Forum: [Themes and Templates](https://wordpress.org/support/forum/themes-and-templates/)
   
   In reply to: [[Theme: Meeta] How to remove Popular Posts Tags in Header](https://wordpress.org/support/topic/theme-meeta-how-to-remove-popular-posts-tags-in-header/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/theme-meeta-how-to-remove-popular-posts-tags-in-header/#post-3224696)
 * This is what I have found out about “nemonn”
 * Just removing the obfuscated javascript from the header will not work permanently.
 * There will be an additional base64 coded file elsewhere (the backdoor)- and possibly
   more than one. They seem to be located in the core wp-admin directory and are
   randomly named but seem to follow the update-randomname-randomname.php taxonomy.
 * Just updating / reinstalling WordPress from the admin won’t remove this file.
 * Additionally you should follow guidance given elsewhere for changing ALL passwords(
   FTP, database and WordPress admins) and follow instructions for Hardening WordPress.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [SEO Issues](https://wordpress.org/support/topic/seo-issues-1/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/seo-issues-1/#post-3242582)
 * Yes, just delete it. It won’t affect the functionality of your site. The bigger
   issue is how it got there in the first place.
 * Change all your passwords (FTP, database and wordpress admin).
 * I’ll let you know if I find any secondary hacks.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacked/Malware, need help please](https://wordpress.org/support/topic/hackedmalware-need-help-please/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/hackedmalware-need-help-please/#post-3204838)
 * That is almost certainly the file! But it’s possible that there are others. Delete
   it and change all your passwords (FTP, database, wordpress admin).
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [SEO Issues](https://wordpress.org/support/topic/seo-issues-1/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/seo-issues-1/#post-3242580)
 * A client of mine was hacked with ‘neonmm’ in recent days on GoDaddy hosting.
 * I found a base64_decode file called upgrade-merrili-janean.php in the core wp-
   admin directory, which I’m pretty sure is connected.
 * Hope this helps someone.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Site hacked – nemonn tag infected with scam description](https://wordpress.org/support/topic/site-hacked-nemonn-tag-infected-with-scam-description/)
 *  [willt87](https://wordpress.org/support/users/willt87/)
 * (@willt87)
 * [13 years, 6 months ago](https://wordpress.org/support/topic/site-hacked-nemonn-tag-infected-with-scam-description/#post-3245990)
 * A client of mine was hacked with ‘neonmm’ in recent days on GoDaddy hosting.
 * I found a base64_decode file called upgrade-merrili-janean.php in the core wp-
   admin directory, which I’m pretty sure is connected.
 * Hope this helps someone.

Viewing 10 replies - 1 through 10 (of 10 total)