Title: Header.php Hacked with redirect javascript code Last modified: August 31, 2016 --- # Header.php Hacked with redirect javascript code * [maxcady](https://wordpress.org/support/users/maxcady/) * (@maxcady) * [10 years, 3 months ago](https://wordpress.org/support/topic/headerphp-hacked-with-redirect-javascript-code/) * Hi, * I don’t know when it happened (could have been months ago), but I recently found malicious code in my header.php. * It has affected about 3 of my sites with wordpress. I deleted a bunch of unused themes and plugins as well as a few sites that I haven’t paid attention to in a while yet the infection hasn’t gone away. * I pasted the code on [paste bin here](http://pastebin.com/WhtDTqtf) * I found some older posts on here about hardening wordpress and what to do if your site is hacked (and I am in the process of doing that), but nothing on how to spot the source code and what the main source code looks like today. * I saw something on the forums a while ago that said look at the wppass.php and topper.php file, but my wppass file had nothing and didn’t see a topper file. * Can anyone tell me what to look for? What directory(ies) or files might have the main code/malware? * Thanks Viewing 3 replies - 1 through 3 (of 3 total) * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [10 years, 3 months ago](https://wordpress.org/support/topic/headerphp-hacked-with-redirect-javascript-code/#post-7059548) * Hacks vary widely; the vector and the bad files can be many places. * Carefully follow [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked) * Then take a look at the recommended security measures in [Hardening WordPress – WordPress Codex](https://codex.wordpress.org/Hardening_WordPress) and [Brute Force Attacks – WordPress Codex](http://codex.wordpress.org/Brute_Force_Attacks) * If you can’t do the work yourself, consider looking for a reputable person on [http://jobs.wordpress.net/](http://jobs.wordpress.net/) or [http://directory.codepoet.com](http://directory.codepoet.com) or [http://upwork.com](http://upwork.com) * _ (FYI, it’s **not** a good idea to respond to work offers from random forum users who have read about your issues.)_ * Thread Starter [maxcady](https://wordpress.org/support/users/maxcady/) * (@maxcady) * [10 years, 3 months ago](https://wordpress.org/support/topic/headerphp-hacked-with-redirect-javascript-code/#post-7059555) * Thanks, I’ve been going through those the past couple of days. * I used Sucuri’s free scan and within a few days, my hosting company was “notified by a 3rd party of malware” and my hosting company shut down my sites. * I’m skeptical of Sucuri’s tactics of gaining business. * Anyways, I’m hoping that someone has gone through this recently and can post their experience and what files were infected and what the main code looks like. * Thanks * [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * (@songdogtech) * [10 years, 3 months ago](https://wordpress.org/support/topic/headerphp-hacked-with-redirect-javascript-code/#post-7059558) * > Anyways, I’m hoping that someone has gone through this recently and can post > their experience and what files were infected and what the main code looks > like. * Hacks vary widely; the vector and the bad files can be many places. Many people deal with hacks; they all follow – or should be following – [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked) Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Header.php Hacked with redirect javascript code’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [hacked site](https://wordpress.org/support/topic-tag/hacked-site/) * [header.php](https://wordpress.org/support/topic-tag/header-php/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [Mark Ratledge](https://wordpress.org/support/users/songdogtech/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/headerphp-hacked-with-redirect-javascript-code/#post-7059558) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics