Malware code in header.php

This topic is: resolved

This topic has 7 replies, 3 voices, and was last updated 8 years, 7 months ago by Suman M..

Viewing 8 posts - 1 through 8 (of 8 total)

Save

Author

Posts
November 9, 2016 at 2:12 pm #12748

elementsofts
Post count: 3

Hi

Our website has been banned by google due to malware code. We checked the site & found some malware codes in header.php file. We removed the code and changed the login details but after some time it was again there in header.php file. Due to this our site also showing malware site by google. We purchased this plugin hoping that it would fully secure our site but i guess it not. Please help us how we can we get rid of this problem.

The code appears in header.php file before the closing head tag.
Is there any way we can hide the header.php file or the closing wp_head syntax ? or any other better solution ?

Plz help.

Thx

MALWARE CODE

Attachments:
You must be logged in to view attached files.

November 9, 2016 at 9:56 pm #12757

Maxime
Active
Post count: 15

Really??? A malware???

November 10, 2016 at 4:31 am #12758

elementsofts
Post count: 3

Yes it is malware .. Please check the site http://bit.ly/2eMFrpr

November 10, 2016 at 4:53 am #12760

Suman M.
Post count: 12480

Hi, HMWP prevents from direct access to backend login and it has Intrusion detection system (IDS) that detects any malicious requests coming to the site and block those if impact level is high. But source of the malware can be various. If the server where your website is hosted itself is infected with virus/malware then presence of HMWP or any other security plugin might not help. No plugin can totally prevent the malware.
We recommend you to contact your hosting provider and ask how they can help you with removing malware. Also you can use malware scanner and removal tools.
Another tip could be to make header.php file read only after you get rid of malware content from it.

November 10, 2016 at 5:17 am #12762

elementsofts
Post count: 3

Hi Suman

Thanks for your prompt response. Yes I understand this could be because of the shared server also & we’ve already asked our hosting provider to look into it. But even if this problem resolves for some time, it can come again & affect the site. That’s why we are concerned about it. The header.php file already is on readmode (0644) , but we don’t know how come the code is appearing again and again after some time. Please suggest best possible solution to hide header.php file or something else ?

Thanks
Himanshu

November 10, 2016 at 3:17 pm #12767

Suman M.
Post count: 12480

With HMWP you cannot hide any file or directory. Did you try setting header.php file’s permission to 444?
The file is getting infected again and again, most probably because server itself is infected (in this case you need to contact hosting provider) or else some other file in your site is infected which acts as source (in this case scanning the entire code/site with malware scanner can be helpful)

November 11, 2016 at 7:11 am #12782

elementsofts
Post count: 3

I guess the problem is sorted out now. We uploaded the back up copies & changed the file permission to 444 along with changing all passwords & auth keys. Since then there’s no issue. Just hoping this will not happen again..& the site has been successfully reviewed by google too 🙂

Thanks for your support!

November 11, 2016 at 9:02 am #12787

Suman M.
Post count: 12480

Good to know that it’s working now!
Author

Posts

Viewing 8 posts - 1 through 8 (of 8 total)

Save

You must be logged in to reply to this topic.

Attachments: