Unwanted spam pop ups

Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

Thanks for the prompt response Steve. Unfortunately we have already been through those steps. The site shows as being clean, works for about 24 hours and then the pop ups return. We are looking at going over to a different host but the concern is that it won’t fix the issue.

then either (1) your host is hacked or (2) you missed something. I did have one client who was in that first situation and moving to another host fixed things, but I consider that an outlier.

Did you remove *every single .php file* on your site and replace it with one from a known, clean source as well as looking at files like .htaccess?

My friend who sorts my hosting out has been trying to fix it for two months and he has assured me he replaced every .php

The hosts seem stumped too. Not really sure where to go next.

and all the .js files, too? And scanned every image as thought it were executable?

Install WordFence and do a “high sensitivity” scan of your site.

Thanks, he says it’s all stuff he has tried but will go back and see if his missed anything. Might end up just setting up a new site and manually transferring the content across. Which to be honest is a horrifying though but not sure what else to do if the suggested steps don’t fix it.

Look also into the the database to make sure there isn’t code in there that for example is being used to detect browser user-agents then display page redirection javascript to a spam site.