Site got hacked

You can download and open all of your theme and plugin files in notepad++ and then search for that specific link on all files and then maybe you will find the file which is infected.

1 Like

Can i directly download to notepad++ ??

Do you have Anydesk? I can check these things for you

I’m out side I will give by late nyt
Is it ok for you

Try viewing the source code of the page to find the link, then install better search replace and put that link in the search box and replace it with a blank space. Try it.

To clean up …

  • Renew WordPress core files

  • Use Sring Locator plugin to search target malicious anchor text or SSH …

grep -R "Lindsay Womens Jersey" .
  • Scan with WordFence

These 2 codes are on a specific page (i noticed )in my website
When I directly visit i can find it.but when I go through Google search,these codes appear.
What to do ?

Hello dear,

By chance, did anyone uploaded nulled theme or plugin to your site?

1 Like

Check Appearance->Editor-> header.php or Footer.php or functions.php
Check that source on this 3 file and remove it asap

1 Like

all files are clear, nothing there

@GulshanKumar @svignesh1994
can you tell me if you can find this code in my website or not ?

1 Like

Yes, I can find.

So what to do now ?

You need to search that malicious code and remove it.

please share screenshot

I checked again, it looks clean now.

thats why I’m confused
I think google has cached it, thats why when someone go to site via google search the code appears
:confounded: :confused:

Fetch it as Googlebot using search console.

Nothing found when tested

After a couple of days, I have successfully found out the malware of my website.
Its in /public_html/wp-includes/wp-tmp.php file in my website.
Here are my recent research

So @GulshanKumar I’m providing my wp-tmp.php at here. Please remove this 2 malware js codes & give me the safe file.