homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Gold Sponsor 2015!
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

Wordpress Error This site may be compromised
Code was inserted below the body tag with third party links

Msg#: 4563009 posted 6:57 am on Apr 9, 2013 (gmt 0)

Today i was doing a manual search for my website in google and received an error on the listing page (the site may have been compromised), so i did a manual check for my wordpress website pages and found link back to third party sites which were not visible on the front end but was visible when i viewed the source code. I have already deleted it from the header.php file in WordPress, but i just wanted to know how can i prevent this from happening in the future, does WordPress provides any security measures to avoid such attacks like XFF, code injectin and sql injection. The code inserted was seen between the <body> tag and <div id="header">. I searched for plugins in WordPress, does those plugin help in avoiding such cases, there are hundreds of plugin's available, and it is very hard to choose one, can any one recommend a good plugin.



5+ Year Member

Msg#: 4563009 posted 7:10 am on Apr 9, 2013 (gmt 0)

Check that you have the latest version running.

I have never liked the way that these CMS require leaving so many files and folders writable just so that you can update plugins easily. But this may not be where the problem lays if they are editing database records to get to your templates.


Msg#: 4563009 posted 10:57 am on Apr 9, 2013 (gmt 0)

I am running the latest version of wordpress i.e 3.5.1. I just wanted to know, from where the hacker might have inserted the code, from the search box, comment box or by using some other tricks


WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 4563009 posted 12:07 pm on Apr 9, 2013 (gmt 0)

Keep the core files and plugins up to date. Avoid using little known or unsupported plugins. Sift through your log files looking for attacks. Try WP Monitor to watch over changes to your files. Also read Hardening WordPress: [codex.wordpress.org...]


Msg#: 4563009 posted 3:41 pm on Apr 9, 2013 (gmt 0)

Sucuri WordPress Plugin.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved