Strange code

  • Oliver



    This strange code is on the slider and on all the top substance.

    # 0f2490 # if (empty ($ bu)) {$ BU = “”; echo $ bu;} # / 0f2490 #

    Anyone know why this happens?


    Kind regards



    Kenneth John Odle


    You have some bad JavaScript code in there.

    Are you using a child theme? Have you edited theme files? Have you tried disabling plugins to rule out a plugin issue?



    Yes, I am using a child theme, and I have move the CSS codes generated by the theme into the child theme’s style.css

    I have disabled all plugins also, but without luck.

    I have reinstalled the entire website, and it helps one day, then the bad code arrived again?


    Kenneth John Odle

    and it helps one day, then the bad code arrived again?

    It could be generated by one of your plugins. Have you installed any plugins that you didn’t get from the WordPress plugin repository at



    Yes, all from wordpress.

    I have reinstalled the config.php and. htaccess file. Uninstalled all plugins and reinstall again. Reinstalled Graphene Child.

    Nothing helps.

    Could it be a hack?

    I found other Danish and English wordpress sites that have this code:

    Please look here:

    And if you enter this site: facepaint (delete link)

    The AVG anti virus Alert Says: Virus= Exploit Blackhole Exploit Kit type 2726 which is why I discovered this code on my site.


    Kenneth John Odle


    You are only running WordPress 3.5, as is the other site you have linked to. You should update to 3.6 to take advantage of the latest security enhancements and see if that resolves the problem.

    Also, make sure that all of your plugins are up to date.

    If not, it is possible that your site has been hacked. You might want to take a look at the resources I have listed here:



    Hi Kenneth

    Thanks for your help, really appreciate it

    All plugins updated to last version.

    Wordpress is updated to last version, for some time ago?

    On FrontPage, my link to the Graphene theme is gone also.

    I will look at your link, and install more security on my site, chance password etc.

    I will be back when I have more information about this subject.



    You definitely have some malicious code on your site.

    I have taken it from your source code, and pasted it to pastebin, so you may see what it looks like:

    This can come from a variety of places; a bad plugin, a bad theme, a bad database entry, a bad plugin/theme that has injected the code into your header.php template file (or other template files).

    I would suggest going over to the WP forums.. and researching on how to find out if your site has been hacked.

    There, they will explain how to look for bad code; the most common ‘attack’ areas; etc.




    I deleted my website and used a backup. Changed password, installed firewall and security plugins.

    . htaccess file – changed permissions.

    This has thankfully helped.

    Many, many thanks for your help and advice 🙂

Viewing 9 posts - 1 through 9 (of 9 total)

  • You must be logged in to reply to this topic.