-
Posts
-
Hello,
I believe my website is hacked – when i got to crosshairrms.com i’m sent to a page that sells viagra. however when i go to http://www.crosshairrms.com i get my proper website. I have contact my isp and they said it is my functions.php file. I’ve tried deleting the file. that didn’t help. i put back the file and deleted some random code at the top of it (this had happened to me on another website before) and that didn’t help either.
doesn’t anyone know how to get rid of this? i wonder if it has something specifically to do with “www” being infront the the url.
Please help.Robert
Hey Robert!
Please go to Appearance > Editor and open Functions.php file and check if there is such code on the top of the file – http://pastebin.com/ZpR2wN7s
and remove it. If you are not comfortable editing the file, please create a temporary admin login and post it here privately so we can check it for you.
Please consider installing a security plugin such as https://wordpress.org/plugins/better-wp-security/ or this one – https://wordpress.org/plugins/bulletproof-security/Regards,
Yigitthank you for sending this. I have included login information in the private section of this message.
i followed your instructions and there actually isn’t a functions.php file. I deleted it (it did have that code at the top). but i can re-add if you like. but whether i deleted the file or the code that you mentioned at the top, the hack is still there. at the moment there is a functions-enfold.php file.
you’ll see that i do have security measures set up like you listed to help prevent this. but it evidently didn’t work.
some help would be very much appreciated. Thank you a lotRobert
Hi!
I cannot see functions.php file in Appearance > Editor? Can you please try re-updating the theme via FTP once again – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and let us know if issue remains?
Regards,
Yigityigit,
I have uploaded the functions.php and removed the coding that you recommended. But this hasn’t changed anything. I’ve tried to update the theme, but there aren’t any updates available. Can you please log in and take a look?Robert
Hi!
Please refer to this post and add the first code to your .htaccess file – http://kriesi.at/documentation/enfold/enable-cors/
Best regards,
Yigiti managed to get access to the .htaccess file (the server had it hidden). i added that code to the top of the file ahead of the other code that was there. this didn’t change anything and the hack is still there. any other ideas?
Hi!
Can you please re-updating the theme via FTP and overwrite all files – kriesi.at/documentation/enfold/updating-your-theme-files/
Regards,
Yigitwill this require me to rebuild the website and all customizations and plugins? or will only the necessary system files be updated?
Hi!
Have you made any changes on theme files? If you did and are not using a child theme, those changes will be overwritten. But theme options and your content is saved on your database.
Best regards,
YigitYigit,
Thanks for the advice. I just did the overwrite using the FTP login.
However the hack is still there. Anything else you can advise on? it’s peculiar how this is only happening with you omit “www” in the url.Robert
Hi!
Now when i try to go to your site without www it directs me to www. Have you figured it out already?
Cheers!
Yigityigit
yes i finally go it working. your instructions were perfect. the reason i didn’t see the changes i made come into effect was because i had to reset the cache stored through the W3 plugin.
Thanks for al the help.
Robert
- The topic ‘functions.php hacked’ is closed to new replies.