Malware detection causes invisibility?

Please paste the code inside header.php so I can review it

I think iPage will not do dirty job like that.
There are many website that hacked but the owner will never know about that. Usually it redirect the site if the traffic come from search engine, or use it as spam server. Nothing change in your website, but they do something in the backend.
It’s better if you allow the iPage to do their job. I think they will not charge for this service

If you are hacked then do not post that code. Really, don’t. It will get redacted right quick.

You need to start working your way through these resources:
https://codex.www.ads-software.com/FAQ_My_site_was_hacked
https://www.ads-software.com/support/topic/268083#post-1065779
https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
Hardening WordPress
https://sitecheck.sucuri.net/scanner/
https://www.unmaskparasites.com/
https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
https://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html

thanks Jan. the only thing iPage sent me was details of the files to be pulled, not them actual hack/code

wp-includes/css/dashicons.min_prevv1.php
wp-includes/SimplePie/HTTP/Parser_old.php
wp-includes/js/tinymce/plugins/wplink/plugin_backup.php
wp-includes/js/tinymce/plugins/tabfocus/plugin_prevv1.php
wp-includes/js/tinymce/license_new.php
wp-includes/js/tinymce/skins/lightgray/fonts/tinymce_bck_old.php
wp-includes/js/tinymce/skins/e43ca6aa_old.php
wp-includes/js/jquery/ui/jquery.ui.effect-clip.min_new.php
wp-includes/images/wlw/wp-comments_new.php
wp-includes/feed-rdf_new.php
wp-admin/css/revisions-rtl_old.php
wp-admin/css/colors/blue/colors-rtl.min_new.php
wp-admin/css/colors/coffee/colors.min_new.php
wp-admin/css/colors/ectoplasm/colors.min_infoold.php
wp-admin/css/colors/_mixins_new.php
wp-admin/includes/theme-install_bck_old.php
wp-admin/js/language-chooser_bck_old.php
wp-admin/network/site-users_indesit.php
wp-admin/images/spinner_new.php
wp-admin/post-new_new.php
wp-content/plugins/smooth-slider/29d96019_prevv1.php
wp-content/themes/weaver-ii/includes/admin-pro_ver1.php
wp-content/themes/weaver-ii/js/PIE/PIE_uncompressed_backup.php
wp-content/themes/weaver-ii/js/superfish/images/rtl-arrows-ffffff_prevv1.php
wp-content/themes/weaver-ii/f0bfe24e_ver1.php
wp-content/themes/weaver-ii/functions.php
wp-content/themes/DarknessGame/functions.php
wp-content/themes/DarknessGame/images/social-icons/email_old.php
wp-content/themes/DarknessGame/css/screen_noversion.php
wp-content/themes/GamingZone/functions.php
wp-content/themes/GamingZone/menu/custom_indesit.php
wp-content/themes/GamingZone/archive_infoold.php
wp-content/themes/iGaming-2.0/functions.php
wp-content/themes/GameBlack/functions.php
wp-content/themes/GameBlack/images/search_ver1.php
wp-content/themes/twentyfourteen/images/fcb181c2_bck_old.php
wp-content/themes/twentyfourteen/functions.php
wp-content/themes/GamingWeb/functions.php

these are the offending files, apparently?

Jamie

After checking your files list, I think your website is really hacked.

those files ( and every other theme ) have been deleted. but I still do not see how the files could have got into the website?

if someone can guess the password then fair play, they have got some amazing brain on them to get past a special char, alpha numeric, upper and lower case of 32 digits

but from my end, ( and this being the ONLY computer that has database access ) I don’t understand how they got in without hacking this computer, which they didn’t?

that is my main issue.

iPage seem reluctant to indicate how they found out, how they identified the hacked files but failed to delete them and instead opted to shut us down and then say ￡” but if you pay us we will do it for you “

the files are fixed now ( through our own efforts not iPage’s ) and we will be relocating the website to a new host ( 1&1 or Blue Host, probably? Arvixe have a poor uptime ratio of only 76% ) . But I would still LOVE to know how ‘they’ did it

by the way, this has happened regular as clockwork between March 17th and April 17th every year since 2013

( auto-renewal is for April 26th ?? lol coinky-dink?? )

You’re best asking your hosting providers how this could have happened – they have logs on their servers that tell you what happened at any action, at any time.

I ever handle server with 300+ WordPress sites. And always got attack everyday. The attacker is not hack your password to put those files. They usually use bug from old themes, old plugins and old WordPress core. Always make sure your themes, plugins and WordPress core is the latest version.

hi guys, thanks ever so much for all the great advice. I am not the most clued up when i comes to code and the technical side of things but I can always count on the WP community to come to my resue.

Apparently they got in through YouTube plug in.

The plug in has been removed and replaced.

thanks to everyone at WP. You guys are the very best!

by the way, different topic, same related, after replacing the plug in I now get this…?

Notice: Undefined index: page in /hermes/bosnaweb02a/b693/ipg.gamesmediaprocouk/wp-content/themes/GameBlack/functions.php on line 269

as you can imagine….I have no idea ??

different topic,

Please start a new thread. That’s a problem with your theme – you will need to deactivate the theme manually by renaming it on the server – and then ask the developers of the theme for help.

thanks Yogi.

will change the theme altogether now I think as my webhost is now saying there is a problem from wordpress flagging the IP?

why would that be, the security issue was not a hack and was an out of date plug in…and wordpress didn’t identify we did….and then removed it.

can you let me know what, why and when please Yogi? thanks

okay Yogi, theme disabled…..now what do I do? Should I just rebuild with a different theme? I don’t want to re-install and I don’t want to use the provider of the theme again if they have issues with WP

aaaaah!!
bope, got it! all sorted. I remember now, we had this same ‘security’ issue when the new wordpress update happened last year around the same time. it is because of ‘unsupported theme’

thank you SO much Yogi. you can bin this thread now. I’ll get cracking with a new temporary theme until I can get a wed designer onto the issue

thanks so much

have a great night

Jamie