Title: text javascript unknown inserted into my header.php Last modified: August 20, 2016 --- # text javascript unknown inserted into my header.php * [edyzen](https://wordpress.org/support/users/edyzen/) * (@edyzen) * [13 years, 3 months ago](https://wordpress.org/support/topic/text-javascript-unknown-inserted-into-my-headerphp-1/) * Hello My site is [http://www.propertypilihan.com](http://www.propertypilihan.com) I found text javascript unknown inserted into my header.php such as below : * _[code moderated - please don't post that kind of code into the forum ]_ * My question are : 1 . from where hacker can access my header.php ? 2. How to protect my site? * [http://wordpress.org/extend/plugins/exploit-scanner/](http://wordpress.org/extend/plugins/exploit-scanner/) Viewing 2 replies - 1 through 2 (of 2 total) * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [13 years, 3 months ago](https://wordpress.org/support/topic/text-javascript-unknown-inserted-into-my-headerphp-1/#post-3484050) * > 1 . from where hacker can access my header.php ? * It could be one of many places and you’ll need to lock down your installation to close that door. It it’s your server then you’ll have a harder time of it. * > 2. How to protect my site? * First you need to delouse and harden your installation. Once that’s done you should be good but it is a lot of work ahead of you. * You need to start working your way through these resources: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Additional Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) [http://www.studiopress.com/tips/wordpress-site-security.htm](http://www.studiopress.com/tips/wordpress-site-security.htm) * Thread Starter [edyzen](https://wordpress.org/support/users/edyzen/) * (@edyzen) * [13 years, 3 months ago](https://wordpress.org/support/topic/text-javascript-unknown-inserted-into-my-headerphp-1/#post-3484122) * very Thanks for your suggestion. But I still not understand about to lock down installation to close that door. * The hacker already changed my database password. And I had to change it back. * But I still worried the hacker will change it again , and I can not access my database Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘text javascript unknown inserted into my header.php’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/exploit-scanner.svg) * [Exploit Scanner](https://wordpress.org/plugins/exploit-scanner/) * [Frequently Asked Questions](https://wordpress.org/plugins/exploit-scanner/#faq) * [Support Threads](https://wordpress.org/support/plugin/exploit-scanner/) * [Active Topics](https://wordpress.org/support/plugin/exploit-scanner/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/exploit-scanner/unresolved/) * [Reviews](https://wordpress.org/support/plugin/exploit-scanner/reviews/) * 2 replies * 2 participants * Last reply from: [edyzen](https://wordpress.org/support/users/edyzen/) * Last activity: [13 years, 3 months ago](https://wordpress.org/support/topic/text-javascript-unknown-inserted-into-my-headerphp-1/#post-3484122) * Status: not resolved