About three months ago I reported that spam (in the form of a bunch of links to viagra sites and the like) had got injected into the graphene functions.php file. Today it happened again. I run the Wordfence plugin, which caught the discrepancy between my file and the genuine file in the WP repository. I also subscribe to sucuri.com, which flagged the spam and did a removal operation. Luckily this was caught and cleaned before the site was blacklisted anywhere. I have been using the graphene theme for a couple of years or more and like it a lot. I do wonder if there is a gap in it somewhere that allows spammers to inject their junk into its code. Then again the gap might be in some totally different plugin. If anyone has helpful thoughts about this I’d appreciate it.
I doubt very seriously that it’s a theme bug, or more of us would have this problem. This is most likely the result of a bad plugin, edits made to WordPress or Graphene core files, a malicious hack, or poor security on the part of your host.
You should be sure to read this page in the Codex: