i.simpli.fi script harmful?

It looks like that script injects ads.

Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

So far all files seems to be clean and the following security plugins are not able to find anything:

Sucuri Security – Auditing, Malware Scanner and Hardening
Quttera Web Malware Scanner
Asgard Security Scanner

No idea where that script is coming from.

Check WordPress’s main index.php file (not your theme’s index.php file).

That one looks fine:

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

Ok, try deactivating all plugins. If that resolves the issue, reactivate each one individually until you find the cause.

If that does not resolve the issue, try switching to the Twenty Fifteen theme to rule-out a theme-specific issue.

Thanks for your help so far James. But the plugins and theme were the first two things I tried (as stated in my first post.)

Another thing I tried was downloading all my data from the website and searching through all the files for the text “simpli.fi” using notepad++. But that also gave no results.

Whereabouts in the source code is this code being injected?

At the bottom of my page, see screenshot below:
https://oi61.tinypic.com/25fli8h.jpg

Also you can find my blog at bots.uthar.nl if that may help in finding this problem.

I finally found it. A widget to show visitor information from https://whos.amung.us was adding the script.

Great, nice work!

I’m glad it’s fixed now. ??

Just for future reference and additional information for users with a similar problem. I contacted whos.amung.us and got this reply:

Simpli.fi is not malware, it is a data categorization service used via one of our partners that we will be using to provide more insight into our users audiences via new stats we are going to provide.

You can of course prevent any third party services from being used via our services by adding the following javascript before the widget code:
<script type=”text/javascript> var _wau_opt = {‘fbase’: 1}; </script>
This will limit some aspects of our stats pages (what is being copied) however everything else will run as expected still.

Hope this helps.

So simpli.fi itself is safe, although it gathers some data.

Finally simpli.fi is present in a number of malware infected sites that add ads, I assume those harmful scripts only use simpli.fi to make their ads better target the audience.

Now it is for yourself to decide whether or not you want to get rid of the simpli.fi script.

Thanks for sharing that!

Thanks buddy it solved my problem on https://www.pcgan.com