insurgenesis

Yes there’s firewall.
So I think it’s internal not external.
The situation is that a certain plugin attempts to connect to an outside location. It’s JavaScript related. When I disable JavaScript in the browser it seems it doesn’t do it.
But when JavaScript is ON, (even when I’ve removed all instances of the code that produces the call) it connects to that location upon page load.

I suspect I know what it’s doing and where it sends information to.
I’ve removed all instances of the code that produces the behaviour which logged itself in certain posts, and also removed the plugin.
But clearly there’s peripheral damage as well.
How do I know it hasn’t gone much deeper?
And how can I restore it?

OK but my site isn’t live yet – I’m working locally, and this incident was caused by a plugin.
So my question is, why does everything appear to broken even after I have disabled the culprit plugin?
I mean, what other things should I be considering now?

Are there any standardised scans or security plugins one can use to get rectify the situation or get more info on the sort of damage?

Sorry, went back to default theme.
Upon page load same message appears.
It seems to be connecting to a site (or is instructed to do so) regardless of my choice of plugins and theme.
What is an sql injection?

It’s not a plugin – I disabled all.
I’m using a child theme. Perhaps you know where else I can look?

thanks

Is there any way to be certain this thing hasn’t inscribed itself into everything?
Even when I delete the code from my posts in html view and press update it connects again to the very same place.

It’s really disconcerting that this sort of thing is rampant and widespread – considering that it’s only local still.

I don’t know What to do.

…For what it’s worth in this context, my wp-config “block external requests” is set to true. I would like to believe this illustrates the extent to which I wanted to be isolated from the external.

In your opinion, does it sound like injection?
And if so, will I be able to find/remove the origin of the code in a plugin’s source file, or is the whole idea to remove the cause-plugin entirely and never use attempt to it again?

Thanks for your quick response.
How can I run it on a site that’s on my local server on not live yet?

When the site is fully loaded and I do Ctrl + U I can actually see all the instances of the code.
I think it’s what’s known as a script inject.
The bad news is that the code’s still there after deactivating plugins.
Will I be OK if all (visible) instances of the code can be removed, or should I use something more sophisticated to find and remove?

Hi thanks for the quick reply
I checked this and I’m using IE8 (not 64-bit version) but it needs to work in both 32 and 64-bit on either IE9 and IE8.

Do you know of other possibilities to get it working?

Thank you opajaap, I’ll look at the code again.
I like the plugin but I need to configure it.
Will post a link if the problem persists.

I’m working on my local server.
Is there another method I can use so that you would be able to see my settings?