sh: /usr/local/bin/python

Try contacting your hosts. WordPress doesn’t use Python, so it’s coming from outside of WordPress.

That would make sense if it was on all pages. But this message does not show on the admin panel or on any of my other sites running on the same server (also not those that run WP)

Have you tried:

– deactivating all plugins to see if this resolves the problem. If this works, re-activate the plugins one by one until you find the problematic plugin(s).

– switching to the Twenty Eleven theme to rule out any theme-specific problems.

– resetting the plugins folder by FTP or PhpMyAdmin. Sometimes, an apparently inactive plugin can still cause problems.

Really strange, if I go into PhpMyAdmin I can not find active_plugins in wp_options…
I did the thing they suggest with PHP, but it makes no difference at all. Neither does changing theme ??

Look at your index.php. Your site is probably hacked (seeing some hacked sites trying to contact an external host that is causing this error).

I was afraid of that, but I had no idea where to look to solve it. Indeed there were some evil lines in index.php, problem solved!

Now, does anyone know how this got there? Am I safe if I change all passwords be up to date with newest wordpress? Strange thing is that this website has always been WP up to date. Other sites of mine have been “hacked” about a year after I quit updating them. They run on the same server though…

Hi,

Here’s a link to Sucuri’s post about this:
https://blog.sucuri.net/2011/07/python-no-such-file-or-directory-your-site-is-likely-compromised.html

In my experience. most of such hacks involve backdoor scripts.

Make sure there are no suspicious files and there is no suspicious code in legitimate files. (Check themes, plugins and uploads directories).
You can also scan raw log files for suspicious POST requests – this way you may find backdoor file.

Of course, changing all site passwords is a very good idea after such incidents.