Title: Malicious code detection Last modified: August 20, 2016 --- # Malicious code detection * [eswrite-wp](https://wordpress.org/support/users/eswrite-wp/) * (@eswrite-wp) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/) * Since I cleaned up my site from a hack (thought I had cleaned it), [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) indicated no malicious code. Neither did a check from Google Webmaster tools. However, in its search results, Google reported that my site may be compromised. So I had my ISP run a scan, and they found (according to them) a bunch of malicious code, which they cleaned up through a script. Now they are recommending I re- install everything, but I’m pretty sure all my backups are going to have whatever is triggering the Google warning … and whatever [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) can’t detect. * I pretty much ran through the process described in [my previous thread](http://wordpress.org/support/topic/recovering-from-white-screen-wp-admin-page?replies=13), so I’m a bit puzzled, again, since the recommended scanners flagged nothing. Viewing 5 replies - 1 through 5 (of 5 total) * Thread Starter [eswrite-wp](https://wordpress.org/support/users/eswrite-wp/) * (@eswrite-wp) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618182) * Oh, I just did another scan at [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/). It says WordPress is outdated… but I just re-installed 3.3.1. What gives? * EDIT: I looked deeper. It’s flagging the default and my current index.php theme files. * **Web application version**: WordPress version: WordPress 3.1.1 WordPress directory: [http://imagesbyeduardo.com/main/wp-content](http://imagesbyeduardo.com/main/wp-content) WordPress theme: [http://imagesbyeduardo.com/main/wp-content/themes/carbonize/](http://imagesbyeduardo.com/main/wp-content/themes/carbonize/) * WordPress internal path: /hermes/waloraweb071/b376/moo.esfotoclix/main/wp-content/ themes/carbonize/index.php Wordpress internal path: /hermes/waloraweb071/b376/ moo.esfotoclix/main/wp-content/themes/default/index.php * WordPress version outdated: Upgrade required. * Thread Starter [eswrite-wp](https://wordpress.org/support/users/eswrite-wp/) * (@eswrite-wp) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618183) * Okay… I just checked both my installed /default/index.php and the one in the WP 3.3.1 clean install. They both read: * * If so, why would this be flagged by sucuri.net as out of date? I think it’s just a false positive. Joy. * _[Bumps deleted. Hacked or not, please don’t bump. It annoys people and is against the rules – Moderators.]_ * [kmessinger](https://wordpress.org/support/users/kmessinger/) * (@kmessinger) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618267) * Many of us believe that having the version number in the source code gives hackers an edge. * If I were you I would add, `remove_action('wp_head', 'wp_generator');` to your theme’s functions.php file. That would get rid of the version number. * When I run my site thru sucuri without a version number nothing is flagged * [MickeyRoush](https://wordpress.org/support/users/mickeyroush/) * (@mickeyroush) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618275) * I’m not sure if the sucuri scanner looks for certain .js files or not. But it’s a way to fingerprint the version of WordPress as well. It’s not that accurate, but can give someone the idea, that the version is older or newer than another, as a newer WordPress version have/use different versions of certain files. * When replacing all WordPress core files, you may want to manually delete them before replacing, in case one is accidentally or maliciously been set to a 444 file permissions, etc. Make a backup first! * UPDATE! Yes the sucuri does look for certain .js file. Ooops! 🙂 * [robthecomputerguy](https://wordpress.org/support/users/robthecomputerguy/) * (@robthecomputerguy) * [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618295) * Why would you think that Google’s database would be instantly updated when you cleared out your malicious code? That seemed like a lot of concern waiting for people at WordPress to solve your Google problem – that is not an instantaneous message, unless you take steps to get Google to update your crawl results ASAP you’ll easily be marked as a compromised site for weeks. * Everything else discussed made sense, but I’m pretty sure it was not the source, or the solution, of the problem. Yes a hacker may pass you over if they don’t know your WP version number from the header, but I just did a reveal source on your site and I saw WordPress 3.3.1 in line 8. * And right now, Friday at midnight EST, your website still shows as compromised in my Google search results, and there is a link to what to do in Google’s Webmaster tools for you to resolve it. * I don’t think you’ll be able to force the cache to update, but it would seem to me that if you delete and resubmit a sitemap for the clean site, that you can get your results updated faster. (In addition to the instructions Google provides at [http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634](http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634) for cleaning up the site.) * I tried to edit this to not sound completely annoying, but you really need to take action otherwise your site will sit as labeled with malware for quite a long time, for small sites, Google isn’t coming every day to get an update from your site, so you have to put all of that in motion. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Malicious code detection’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [malicious](https://wordpress.org/support/topic-tag/malicious/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 5 replies * 4 participants * Last reply from: [robthecomputerguy](https://wordpress.org/support/users/robthecomputerguy/) * Last activity: [14 years, 2 months ago](https://wordpress.org/support/topic/malicious-code-detection/#post-2618295) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics