Offending code in source

  • Hi everyone,

    After many, many months, I’ve finally finished building my website (www.smoothiefresh.co.uk). Bear in mind that I have zero programming or developer knowledge whatsoever.

    I took Maintenance mode off and opened the site on another computer that wasn’t autologged in to my WP. I noticed a problem: there is a rogue hyperlink to some crappy viagra news rubbish, which incidentally doesn’t actually lead anywhere.

    I’ve searched high and low throughout my theme files, header files, sidebar files…. everywhere! But I can’t find the damned link anywhere.

    So I opened the source code from my web browser and lo and behold I found the offending code:

    <a href="https://... moderated.... /viagra-patent-expiration-date-in-arab-emirates/">viagra patent expiration date in arab emirates</a>

    The whole section of the code is:

    color: #ED1D23;
margin-top: 10px;
}</style><noscript><style> .wpb_animate_when_almost_visible { opacity: 1; }</style></noscript></head>
<body class="home page page-id-191 page-template-default wpb-js-composer js-comp-ver-4.5.1 vc_responsive">

<div id="style-main">
<nav class="style-nav">
    <div class="style-nav-inner">

<ul class="style-hmenu menu-2">
	<li class="menu-item-193 active"><a href="https://smoothiefresh.co.uk/">Home</a>

	<li class="menu-item-262"><a href="#">What We Offer</a>

<ul>
		<li class="menu-item-80"><a href="https://smoothiefresh.co.uk/package-deals/">Package Deals</a>

		<li class="menu-item-554"><a href="https://smoothiefresh.co.uk/smoothies/">Smoothies</a>

		.........  moderated

    ______

    Now…. It is a custom header, which is within a custom-built theme (someone made if for me, but now I can’t get hold of them).

    Any ideas at all as to where I can find this rogue hyperlink code in the PHP files of my WP, so that I can delete it once and for all?

    Any help would be very greatly appreciated.

Viewing 6 replies - 1 through 6 (of 6 total)

  • Although you’ve found it in the browser the code is most likely being injected into your page so you won’t see it in the header.php file.

    Unfortunately there isn’t a quick solution to this, but my advice would be to have a read through this page and try some of the solutions offered.

    Where did the theme come from? Also have you just used plugins from www.remarpro.com?

    It is a custom header, which is within a custom-built theme (someone made if for me, but now I can’t get hold of them…

    You could have been hacked, but the spam link is in your menu, so check your menus first. The link could have simply been put in by the theme author.

    But also see FAQ – My Site Was Hacked.

    Thread Starter smoothiefresh

    (@smoothiefresh)

    Thanks, guys. I’ve checked the site and there’s no malware there at all – it’s come up clean on a number of different checks.

    My suspicion is that it’s been someone written in to the affected plugin code (plugin in question is myStickyMenu). I’ve sent a message to the plugin author for his assistance, as I’m unable to figure out how to edit the plugin itself (i.e. to indeed customise my sticky menus).

    Fingers crossed.

    I doubt it’s that plugin; the source code for the plugin is clean. Switch to the twentyfifteen theme for a minute, with the same menus, and see if the link is there.

    Thread Starter smoothiefresh

    (@smoothiefresh)

    Did as you suggested songdogtech and you’re right, it’s not the plugin. I thought it was because that’s where the the dodgy link appears. Incidentally, the link has now changed to some rubbish “shemale” crap, so there’s definitely something wrong with the theme, I think. I’m having a look at it now (it’s a custom theme), but as I’m not tech-minded, I’ll muddle through until I find it.

    Thread Starter smoothiefresh

    (@smoothiefresh)

    I found it! It was a super-long pharmahack thread right at the top of my site’s functions.php file. I’ve removed it and all seems fine. I’m also installing WordFence as we speak to search for any suspicious system admin logon attempts. See what that throws up.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Offending code in source’ is closed to new replies.

Tags