[jodirogers]

jodirogers

#10250

Hi there, my client’s site was recently hacked and the following code place in the head section, so that the banner now links to grunna.com:

<script type="text/javascript">

jQuery(document).ready(function ($) {

$(".home .header-img").wrap("<a href='http://www.gruuna.com/'></a>");

});

</script>

Where would I go to look for this code in Graphene?

*could be worse, could have been linked to a porno site!*

[Kenneth John Odle]

Kenneth John Odle

#45713

From wordpress.org:

You need to start working your way through these resources:

• https://codex.wordpress.org/FAQ_My_site_was_hacked
• https://wordpress.org/support/topic/268083#post-1065779
• http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

• http://sitecheck.sucuri.net/scanner/
• http://www.unmaskparasites.com/
• http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

[Kenneth John Odle]

Kenneth John Odle

#45714

You can always simply upload a fresh copy of Graphene via FTP, but do have a look at those other resources as well, since infected files can also occur outside of your theme. Such code could be being injected by a plugin.

[jodirogers]

jodirogers

#45715

Hi Kenneth, thanks for your reply. I deleted/reinstalled all plugins and just when I thought everything was cleaned up, *poof* came that banner link again. So I did another reinstall and this time included the Graphene and Neo mobile themes. Things are looking good now. Love the Graphene theme and the Neo mobile adapter. Merry Christmas to you!

Kind regards,

Jodi