Title: Malicious script
Last modified: August 20, 2016

---

# Malicious script

 *  [cutclutternow](https://wordpress.org/support/users/cutclutternow/)
 * (@cutclutternow)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/)
 * I have found a malicious script that seems to be “attached” to the All Pages 
   button on the Admin Screen.
 * When I select Pages — All pages, I am redirected to copywriterusa.com.
    This 
   shows on my google as: [https://www.cutclutternowstore.com](https://www.cutclutternowstore.com)
 * I believe this is attached to the WP-Admin file as opposed to the Mazine Theme
   as it is reproduced when I change themes.
 * Need help asap. I can also send you the entire section of script that I found.
 * Thank you!!

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864425)
 * You need to start working your way through these resources:
    [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
   [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779)
   [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/)
   [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/)
 * Additional Resources:
    [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/)
   [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html)
 *  Thread Starter [cutclutternow](https://wordpress.org/support/users/cutclutternow/)
 * (@cutclutternow)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864434)
 * I have been reading everything I can for the last 24 hours. Do you want the text
   that I have found?
 * I think someone at WordPress will need to possibly delete my installation for
   cutclutternowstore.com to get rid of the code.
 * My site was hacked and when I use the WP-ADMIN and select Pages, I am sent to
   a
    red screen redirecting me to the PurelyHosting hosted site named copywritersusa.
 * I CANNOT ACCESS MY ALL PAGES PAGE. I was able to hover over the all pages link
   
   and was able to find the code noted below causing the redirect. I NEED THIS FIXED
   IMMEDIATELY. PLEASE HELP. I CAN BE REACHED AT _[Telephone number removed – thse
   forums do not offer telephone support]_. LYNN KENDROT
 *  Thread Starter [cutclutternow](https://wordpress.org/support/users/cutclutternow/)
 * (@cutclutternow)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864437)
 * can you delete my phone number for my post. I am not seeing how to edit or delete.
 * thank you.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864438)
 * > I think someone at WordPress will need to possibly delete my installation for
   > cutclutternowstore.com to get rid of the code.
 * wordpress.org distributes and documents the WordPress application but has no 
   connection with any site running that software. You need to sort this out on 
   your self-hosted site yourself. If you cannot manage it yourself using the links
   I provided above, consider [hiring someone](http://jobs.wordpress.net/).
 *  [Johnb81](https://wordpress.org/support/users/johnb81/)
 * (@johnb81)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864439)
 * I think you need someone professional to help you clean your website if you are
   reading the documentation and still not successful in cleaning your website.
 * Else, you can start by scanning your Website using the Sucuri Free scanner and
   from their results, and the malware or problems they report, start searching 
   on the internet about them.
 *  Thread Starter [cutclutternow](https://wordpress.org/support/users/cutclutternow/)
 * (@cutclutternow)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864448)
 * I scanned the website and it comes up clean. I know the issue is imbedded but
   not exactly sure how to find the spot and delete it.
 * I was able to view the script when I used Inspect Element on the All Pages link.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864451)
 * Have you tried:
 * – deactivating **all** plugins to see if this resolves the problem. If this works,
   re-activate the plugins one by one until you find the problematic plugin(s).
 * – switching to the Twenty Eleven theme to rule out any theme-specific problems.
 * – [resetting the plugins folder](http://codex.wordpress.org/FAQ_Troubleshooting#How_to_deactivate_all_plugins_when_not_able_to_access_the_administrative_menus.3F)
   by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause
   problems.
 *  Thread Starter [cutclutternow](https://wordpress.org/support/users/cutclutternow/)
 * (@cutclutternow)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864458)
 * I did deactive mazine theme and activated twenty eleven yesterday. Same issue.
   That is why I believe the structure, not the theme is the issue.
 * My All Pages button is being redirected as shown.
 * <!DOCTYPE html>
    <html xmlns=”[http://www.w3.org/1999/xhtml&#8221](http://www.w3.org/1999/xhtml&#8221);
   dir=”ltr” lang=”en-US”> <head> <meta http-equiv=”Content-Type” content=”text/
   html; charset=UTF-8″ /> <title>Top Copywriters USA › Log In</title> <link rel
   =’stylesheet’ id=’wp-admin-css’
 * When I go to my other website and look at the element for All Pages, I see references
   to Submenu and First Item Current. [All Pages](https://wordpress.org/support/topic/malicious-script-1/edit.php?post_type=page)
 * I need to access the wp-admin-css to delete the Top Copywriter redirect information.
 *  [esmi](https://wordpress.org/support/users/esmi/)
 * (@esmi)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864460)
 * Did you try all of the steps I gave above?
 *  [Johnb81](https://wordpress.org/support/users/johnb81/)
 * (@johnb81)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864505)
 * check the file index.php in your WordPress installation (in the root directory).
   If you disabled the theme and the problem persists, 99% the problem is in your
   index.php.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘Malicious script’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 10 replies
 * 3 participants
 * Last reply from: [Johnb81](https://wordpress.org/support/users/johnb81/)
 * Last activity: [13 years, 11 months ago](https://wordpress.org/support/topic/malicious-script-1/#post-2864505)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics