Your scanner isn’t picking up the injection Sucuri is finding and I have updated definitions. I can’t even find these injections manually in the code myself. Any help you can provide would be appreciated.
That is because this threat is usually not in any of your files. Instead, this malicious HTML is injected directly into your database. You’ll need to look in your post/page content (using the text tab so that you can see the HTML tags that you don’t want there) and remove the unwanted text manually.
Your bigger problem is that the hacker(s) will likely still have remote access to your database and they can re-inject this unwanted content. There was a widespread outbreak of this particular threat on TSOHOST recently and a number of their customers reported repeated hacks without any recourse to stop them from injecting the same links into their database.
I would suggest changing your DB_PASS and updating your wp-config.php file. If that does not stop repeated infections then you may have to look for a more secure host.
I didn’t see any injection in the DB. When I look at the source the code is in the header area.
If it’s not in your theme’s header.php then I would reaffirm that it’s in the database. Try looking in the wp_options table, hat is where special header output is usually stored.
So I haven’t been able to find anything in the DB and the injection remains when I switch all the plugins off and change the theme…Going to rebuild it next but quick question…In your plugin in should I be able to check the box for “Core File Changes” after I donated? It’s still a red circle with an x in it.
All you need to do is enable the automatic updates and that will install the core files definitions for you.
Cool…I guessed I missed that and once I did that I was able to select the core files option.
Thanks!
