Title: wp-includes/query.php modified – hacked Last modified: August 21, 2016 --- # wp-includes/query.php modified – hacked * Resolved [falshiw](https://wordpress.org/support/users/falshiw/) * (@falshiw) * [12 years, 10 months ago](https://wordpress.org/support/topic/wp-includesqueryphp-modified-hacked/) * sorry if I write this in the wrong section. * This is my first post and I’m only writing it, because I spend 6 hours trying to find how the hell a site was hacked. Finally I found what is wrong and I want to share it. I couldn’t find any similar case anywhere (can’t say I tried very hard) * Problem was that in the footer of every front end page, there was short script and invisible link to onlineroulette-reviews.com `code` * _[hacked code removed – please do not post that here]_ * I tried disabling plugins, searching for some of the strings in wordpress files but to no results. Couldn’t find anything in the database also. * I notice that removing wp_footer() from footer.php fixes the problem, but that wasn’t good enough because there were some needed functions there. * One of the functions was “check_wp_load”, which was very strange and I was unable to find what added it. Trying to remove it also didn’t work. * Long story short, after several nerving hours, I found the problem. Someone added in the beginning of query.php these lines * _[hacked code removed – please do not post that here]_ * I don’t have logs to find the hacker, neither I know when that happened. Don’t have the time to investigate. I just hope that if someone else have this problem, will find this post and save himself some time. * sorry for bad English 🙂 Viewing 2 replies - 1 through 2 (of 2 total) * [WPyogi](https://wordpress.org/support/users/wpyogi/) * (@wpyogi) * [12 years, 10 months ago](https://wordpress.org/support/topic/wp-includesqueryphp-modified-hacked/#post-3955956) * Please do not post hack code here… * Simply removing the code is unlikely to completely clean up the hack or prevent a re-occurrence. You need to go through all of these resources: * [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Additional Resources: [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * Thread Starter [falshiw](https://wordpress.org/support/users/falshiw/) * (@falshiw) * [12 years, 10 months ago](https://wordpress.org/support/topic/wp-includesqueryphp-modified-hacked/#post-3956142) * Thank you for the info. I’ve checked everything I could find using these resources. I couldn’t find other threats. Seems like this modification was before year 2012 and even after several updates of wordpress survived in this file – query.php Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘wp-includes/query.php modified – hacked’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [query.php](https://wordpress.org/support/topic-tag/query-php/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 2 replies * 2 participants * Last reply from: [falshiw](https://wordpress.org/support/users/falshiw/) * Last activity: [12 years, 10 months ago](https://wordpress.org/support/topic/wp-includesqueryphp-modified-hacked/#post-3956142) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics