Insecure Script in | ww.wp.xz.cn

Resolved rsmith81
(@rsmith81)

5 years, 4 months ago

When you view my website https://metaskil.com using development tools through Google Chrome, there is a warning message –

Mixed Content: The page at ‘https://metaskil.com/’ was loaded over HTTPS, but requested an insecure script ‘http://www.cntr-di7.com/js/59742.js’. This request has been blocked; the content must be served over HTTPS.

I’m not looking to enable the script, does anyone recognise it, what is it used for?

I found it in the HTML <head>. I have contacted the theme creator and it’s not from them.

The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator tobifjellner (Tor-Bjorn “Tobi” Fjellner)
(@tobifjellner)

5 years, 4 months ago

That sounds like a payload from some hacking.

Any plugin, mu-plugin, or code in your theme (or somewhere else by referring/editing global parameters/settings…) may be injecting this.

Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.
Thread Starter rsmith81
(@rsmith81)

5 years, 4 months ago
I found the plugin that was inserting the code, it was from Lead Forensics so I have deactivated the plugin.
- This reply was modified 5 years, 4 months ago by rsmith81.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Insecure Script in’ is closed to new replies.

In: Fixing WordPress
2 replies
2 participants
Last reply from: rsmith81
Last activity: 5 years, 4 months ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics