Home Forums Weaver II Theme Weaver II Pro Existing site with embedded hack code

This topic contains 5 replies, has 4 voices, and was last updated by  Weaver 5 hours, 11 minutes ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #51798

    businessnaples
    Participant

    We have an existing site in Weaver II Pro. I know we need to migrate but just can’t do it now. Discovered that most pages on the site have some embedded code that is not part of anything accessible via WP or Theme settings. It is inserted directly after <!–#wrap-header –> == $0. The inserted code is:

    The link is slightly different on some of the pages. I guess it got there through some kind of hacking although malware scans don’t find any issues.

    If I re-load the whole theme will that clear all these out? If so, can you advise the best way to do this (backup all the settings, remove weaver II completely, reload the theme, restore the backup settings?). I want to be sure I don’t wreck the whole site.

    Thanks

    #51799

    businessnaples
    Participant

    The code is:

    < div class=’apotek’ id=’709855′>

    < /div>

    #51800

    scrambler
    Moderator

    First deactivate ALL non weaver plugin, to make sure it is not coming from one of them.
    If the code goes away, reactivate one by one testing in between to find the culprit.
    If the code is still there, then you may have been hacked. If so, it is hard to know how deep it has been placed.

    Downloading a copy of your settings, then switching to a different theme would allow you to see if the code is still there on a different theme.
    If so, the hack is in the WordPress installation.
    If the code is not there in another theme, then make sure you download a copy of the weaver theme and plugin, then delete all Weaver theme and plugins, and then reinstall from scratch. All your settings should be back automatically.

    #51829

    Maureen
    Participant

    You can also try running a scan with a security plugin. I have used Wordfence on a site that was hacked and it found and deleted the code.

    #51938

    businessnaples
    Participant

    Interestingly enough, Wordfence does not see this. I scan all sites daily with Wordfence looking for just about everything and it never reported it. I have since uninstalled Weaver II and then installed again (2.2.2 to 2.2.4) and all works OK and the hacker code is all gone. Guess I now better start reading up on how I’m going to convert to Weaver Xtreme! Thanks for the help.

    #51942

    Weaver
    Keymaster

    Since Weaver II is obsolete and no longer available from WordPress.org, Wordfence does not have access to the original theme files to do a comparison looking for changes.

    This will be true for any non-WordPress.org theme or plugin.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.