All posts are in italics (since New Year)

Your site has been compromised by a hacker. ??

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Ughhhhhhhhhhhhhhhhhh – all those links and steps seem sooooo overwhelming.

The easier solution seems to just leave WordPress and try something like SquareSpace.

I’m at a loss ??

This is not WordPress’ fault. Your site has been hacked because either it, or another site on the same server, is insecure. Have you spoken to your hosts about it?

I host at GoDaddy using a standard package (that probably thousands of others use). I just don’t see any steps to solve. You suggest a swarm of things that are beyond an average person’s skill level…which boils down to the person throwing in the towel and starting over somewhere else.

I ran the two site checks from the links you provided and both came back clean.

So how on earth would I ever restore to a non-italics body copy site? There’s no tags to adjust. I can’t delete a certain post. I can’t run anything on the site to clean the code.

When we use Firebug in Firefox, it doesn’t show any italics in preview. We checked for all open tags. It’s only when the site renders in WordPress.

I ran the two site checks from the links you provided and both came back clean.

Those scanners look for malware and this isn’t malware as such. Plus it’s a pretty new hack, so it might not be in their databases yet,

I’ve checked the source of your front page and the inserted ad can be seen quite clearly just after the opening <body> tag.

“I’ve checked the source of your front page and the inserted ad can be seen quite clearly just after the opening <body> tag.”

Sorry – I don’t follow this sentence…can you explain this better?

I have no re-directs or new ads or anything on our site. The body copy is just in italics. That’s the ONLY thing.

ah ha!

This is it!

<div id='hideMe'> <p><i> Best Payday Loan <a href="https://13minpaydayloans.com/">Best Payday Loan</a></div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script><div id="page">

How do I remove that?

Sorry – I don’t follow this sentence…can you explain this better?

– View your webpage,
– Right click where applicable (assuming Windows),
– Select ‘View source’
– Look for the <body> tag
– Look for the ad

Yep – thanks, Andrew. That’s what I did right after I posted.

Now I just have to find it. People are telling me it’s probably in the root index.php file.

How do I remove that?

Please see the links I posted above. And report the problem to GoDaddy.

Checked the root index.php file and it wasn’t in there:(

Just so no one else has to try to fish through generic links or sit through a brutal tech support call…

The <div id=’hideMe’> can be found in your themes folder. So, go to your root folder, then the “wp-content” folder, then “themes” folder, and then your xxtheme. Now open the header.php file.

Next remove the bad code (but leave the page div tag right next to it). Re-upload and presto – it’s fix.

Finally, go back and update your passwords on your wordpress admin and hosting admin.

Ben

Re-upload and presto – it’s fix.

Not necessarily. Unless you remove any hidden backdoors on the site, the hacker will just walk straight back in again. That’s why we tell you work your way through all of those linked resources.