October 9, 2017 at 23:26 UTC - Views: 19 #51798
We have an existing site in Weaver II Pro. I know we need to migrate but just can’t do it now. Discovered that most pages on the site have some embedded code that is not part of anything accessible via WP or Theme settings. It is inserted directly after <!–#wrap-header –> == $0. The inserted code is:
The link is slightly different on some of the pages. I guess it got there through some kind of hacking although malware scans don’t find any issues.
If I re-load the whole theme will that clear all these out? If so, can you advise the best way to do this (backup all the settings, remove weaver II completely, reload the theme, restore the backup settings?). I want to be sure I don’t wreck the whole site.
ThanksOctober 9, 2017 at 23:28 UTC - Views: 18 #51799
The code is:
< div class=’apotek’ id=’709855′>
< /div>October 9, 2017 at 23:46 UTC - Views: 16 #51800
First deactivate ALL non weaver plugin, to make sure it is not coming from one of them.
If the code goes away, reactivate one by one testing in between to find the culprit.
If the code is still there, then you may have been hacked. If so, it is hard to know how deep it has been placed.
Downloading a copy of your settings, then switching to a different theme would allow you to see if the code is still there on a different theme.
If so, the hack is in the WordPress installation.
If the code is not there in another theme, then make sure you download a copy of the weaver theme and plugin, then delete all Weaver theme and plugins, and then reinstall from scratch. All your settings should be back automatically.October 12, 2017 at 13:21 UTC - Views: 12 #51829
You can also try running a scan with a security plugin. I have used Wordfence on a site that was hacked and it found and deleted the code.October 21, 2017 at 22:30 UTC - Views: 7 #51938
Interestingly enough, Wordfence does not see this. I scan all sites daily with Wordfence looking for just about everything and it never reported it. I have since uninstalled Weaver II and then installed again (2.2.2 to 2.2.4) and all works OK and the hacker code is all gone. Guess I now better start reading up on how I’m going to convert to Weaver Xtreme! Thanks for the help.October 22, 2017 at 17:38 UTC - Views: 3 #51942
Since Weaver II is obsolete and no longer available from WordPress.org, Wordfence does not have access to the original theme files to do a comparison looking for changes.
This will be true for any non-WordPress.org theme or plugin.
You must be logged in to reply to this topic.