smoothiefresh

I found it! It was a super-long pharmahack thread right at the top of my site’s functions.php file. I’ve removed it and all seems fine. I’m also installing WordFence as we speak to search for any suspicious system admin logon attempts. See what that throws up.

Oh my goodness! After proverbially pulling my hair out for the past couple of days, I came across your post. I followed it to the word et voila! Nasty pharmahack gone!

An eternity of thanks to you, sir, for your help.

Did as you suggested songdogtech and you’re right, it’s not the plugin. I thought it was because that’s where the the dodgy link appears. Incidentally, the link has now changed to some rubbish “shemale” crap, so there’s definitely something wrong with the theme, I think. I’m having a look at it now (it’s a custom theme), but as I’m not tech-minded, I’ll muddle through until I find it.

Thanks, guys. I’ve checked the site and there’s no malware there at all – it’s come up clean on a number of different checks.

My suspicion is that it’s been someone written in to the affected plugin code (plugin in question is myStickyMenu). I’ve sent a message to the plugin author for his assistance, as I’m unable to figure out how to edit the plugin itself (i.e. to indeed customise my sticky menus).

Fingers crossed.

OK thank you…. figured it out after an hour in front of the telly and a cup of tea (a true ‘eureka!’ moment, lol!).