Malicious text appears in all pages and posts. How do I get rid of it?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP



Malicious text appears in all pages and posts. How do I get rid of it?



Yesterday I had installed several outdated plugins (my bad) in order to make my buddypress registration page display “the terms and conditions” checkbox and since then all the pages and posts started displaying some unwanted text at the start and bottom.

I have removed all those plugins but still I’m getting the message. I tried several malware scanners like wordfence, sucuri, etc but everything says my website is clean. I'm out of options now. Please help me get rid of it from my site.



At the page start this code appears:


<div style="position:absolute;top:0;left:-9999px;">Want create site? Find <a href="http://dlwordpress.com/">Free WordPress Themes</a> and plugins.</div>`



Before the end of the page this code appears:


<div style="position:absolute;top:0;left:-9999px;">Did you find apk for android? You can find new <a href="https://dlandroid24.com/">Free Android Games</a> and apps.</div>



As you can see, because of the left:-9999px; in the above code the text isn't visible normally but it can see been in search engine results and social shares.


left:-9999px;




5 Answers
5



the problem is due to a plugin downloaded from dlwordpress.com.
The code is generally added to some main file of the plugin itself and is masked by a hexadecimal code.
this is the code:


if( ! function_exists('sorry_function'))
function sorry_function($content)
if (is_user_logged_in())return $content; else
add_filter('the_content', 'sorry_function');



remove the plug or remove this part of code in any php files where there is





Thank you found it and removed it. Apart from this there were several other codes snippets injected into my theme files. Besides this there was also a whole new file named class.wp.php. With the help of 'wordfence" plugin I removed the extra codes and deleted the file and all is back to normal.
– Rag
Mar 26 '17 at 4:12





The best option is to use the "search => Find in files" function with an editor software like Notepadd++ in your plugin folder. Searching for sorry_function, find the function and delete it.
– bkseen
Jun 14 at 3:02



First search with sudo grep -r sorry_function * from console and get the name of thefile. After that delete sorry_function() using a ftp client


sudo grep -r sorry_function *


sorry_function()



If you're not using a custom theme, try to remove current theme (After taking backup) and reinstall it from original source. The plugin might've added the code in your theme templates.
Can you share the link to your website?



Its getting from the Yoast SEO plugin,
Plase follow the this step to remove this. Yoast SEO > Social > Twitter and disabled the meta description.



this code is appear because you use of null plugin, simply insert the bellow code to the custom.css in your template:


div[style="position:absolute;top:0;left:-9999px;"]
display: none !important;





i think this is a very nasty fix..
– Jesse de gans
Nov 20 '17 at 15:49





This is not a fix at all, just hiding the problem.
– bkseen
Jun 14 at 2:48




Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).



Would you like to answer one of these unanswered questions instead?

Popular posts from this blog

Firebase Auth - with Email and Password - Check user already registered

Dynamically update html content plain JS

Creating a leaderboard in HTML/JS