Damn!

Here you go, https://www.damnripped.com

Thanks.

Thanks. I have posted the question there as well. But I dont think there are actively replying to the queries.

Any help will be highly appreciated. At this point I’ve no where to go except wordpress forums.

Thanks.

Hi @seangreentree – Sean,

Please help me too. I’m tried of trying everything but still the popups wont go away. my website is https://www.damnripped.com

Please help. You are my last hope.

I am facing the same problem, please help. I deleted the plugin, removed the code, deleted the cache from wordpress and cdn and still the popups appear on my website.

@dammysholove Did you clear your cache? If not, do it. And if you are using cloudflare CDN/any CDN for that matter, try again after “purging cache” and putting it in development mode.

Hello @dammysholove,

Just Install wordfence security and scan your website. It will check your wordpress core files and plugins with the ones available in the official wordpress repository, and once it finds an anomaly it will show the “code change” in the results. You just have to deleted the injected code from the respective files. And besides that there would also be some new files in your wordpress, you have to remove them too.

Thanks.

Yes. I’m using WP Super Cache and Cloudflare CDN.

Thank you @gabriello

I have found the hexadecimal code and removed it. Apart from this there were several other codes snippets injected into my theme files. Besides this there was also a whole new file named class.wp.php. With the help of ‘wordfence” plugin I removed the extra codes and deleted the file and all is back to normal.

Thanks a lot again. much appreciated.

Thank you @kobay I have found it and removed it. Apart from this there were several other codes snippets injected into my theme files. Besides this there was also a whole new file named class.wp.php. With the help of ‘wordfence” plugin I removed the extra codes and deleted the file and all is back to normal.

I’m having this exact issue. Did you fix it?

replace all php files? you mean these files?

index.php
header.php
footer.php
function.php

I just looked at the table and can’t find the code in there. And my wordpress was up-to-date when this happened (yesterday).

I have and yes it been inserted into the post contents, at the start and end of the post. And the guide is too complex for me, also I cannot afford to hire someone to do it for me.

The “Find and remove the hack.” part is where I’m stuck. I have done all other steps.

Hello

Thanks for the prompt reply. I have already tried that plugin, and it throws “origin time-out” error when I try to search something, not sure what to do. I have already posted a ticket in the plugin support and the author is yet to get back to me.

Is there any other way that I could try?

Thanks in advance.

Hello,

I have tried everything already. I’ve scanned my site innumerable number of times.
Remote based scanners: Sucuri, virus total, is it hacked and sitecheck says my site is clean.
App based scanners: GOTMLS, Sucuri threw no errors.

All I want to know is what file is causing that piece of code appear in all pages and posts. Is there a way to know that?

Any help would be highly appreciated. Please.

Thanks in advance.