Title: Where has this javascript come from
Last modified: November 19, 2016

---

# Where has this javascript come from

 *  [Richard Watton](https://wordpress.org/support/users/ardmark/)
 * (@ardmark)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/)
 * Hi,
 * I have found a lot of javascript embedded in every page, and I am wondering where
   it has come from. It looks like this:
 * `var SLXSWWSOOK = String.fromCharCode(16 - 6, 123 - 5,` and the numbers go on
   and on and ends with `eval(SLXSWWSOOK)`. There is also quite a lot of spam on
   some of the pages and posts. Am I right in thinking this has been inserted as
   the result of a vulnerability somewhere?
 * The site has Advance Custom Fields, Really Simple Captch, Restrict Content, User
   Role Editor and Contact Form 7 installed.
 * Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8457910)
 * > Am I right in thinking this has been inserted as the result of a vulnerability
   > somewhere
 * Try using Sucuri online scanner or a plugin to check for exploits and malware:
   –
   [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) –
   [https://wordpress.org/plugins/search.php?q=scanner](https://wordpress.org/plugins/search.php?q=scanner)
 *  Thread Starter [Richard Watton](https://wordpress.org/support/users/ardmark/)
 * (@ardmark)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8457938)
 * Thanks, good links. The sucure.net scanner indicates some problems –
 * > Known javascript malware. Details: [http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.redirect.window_location.008](http://sucuri.net/malware/entry/MW:JS:GEN2?web.js.redirect.window_location.008)
 * so I’ll get rid of all that code and try and figure out how it got there in the
   first place.
 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8457949)
 * Carefully follow [this guide](https://codex.wordpress.org/FAQ_My_site_was_hacked).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://codex.wordpress.org/Hardening_WordPress).
 *  Thread Starter [Richard Watton](https://wordpress.org/support/users/ardmark/)
 * (@ardmark)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8458001)
 * Thanks, those are very useful links. Since this is not my site I don’t want to
   mess anything up so this will be really helpful.
 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8458095)
 * You are welcome 🙂

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Where has this javascript come from’ is closed to new replies.

## Tags

 * [eval](https://wordpress.org/support/topic-tag/eval/)
 * [javascript](https://wordpress.org/support/topic-tag/javascript/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 5 replies
 * 2 participants
 * Last reply from: [t-p](https://wordpress.org/support/users/t-p/)
 * Last activity: [9 years, 6 months ago](https://wordpress.org/support/topic/where-has-this-javascript-come-from/#post-8458095)
 * Status: not a support question

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics