Unwanted Links Suddenly Appeared on my posts

Usually extra content in the posts means either an infected pc that hijacks the editors or a ‘tricky’ browser extension that does the same thing. Even popular browser extensions like a common ‘Pinterest pin-this’ do it as they ‘show’ extra buttons over images to pin them etc even if that’s not their intention so sometimes those buttons are getting saved along with the content as well when you edit it. Part from that it can be many different things but this is the most common and easily manageable as you just have to remove all browser extensions and that’s it.

Thanks Xenos. Didn’t know that a browser extension can hijack the wp posts. Can plugins also do this? I realize I have a plugin extension that’s not in the official WP plugin repository. It’s called qtranslate-xp by Mirko_Primapagina. I don’t see any links of it anymore so I thought that could be a source too.

It’s not only the wp-posts it can hijack any editor or do whatever it likes in general since you are opening each page and have given access to it already by running it. Think of it as a full running program that has whatever permissions has your browser if it’s not moderated correctly.

About your plugin I can’t be sure but yes that could happen also I guess even easier as well since plugins / themes have full access to your content :).

The process in a nutshell would be to either disable extensions from browsers or start with plugins / themes one by one if the browser doesn’t fix it until you find out what does the job.

If it’s a plugin / theme that is the www.ads-software.com directories make sure to make a post so the moderators can take a further look as well.

If all of the above fail there can always be a server security issue but that’s out of our hands and usually very rare as well. So let’s not get further down this way as it’s not needed at the moment and probably it’s something really easy to fix.

Thanks for the help Xenos. So far, as we test it, the problem doesn’t occur anymore. So I think it was the plugin all along. And thanks for all the info.

I’m afraid it’s a little more sinister than that. The hacker left a backdoor in your website so that they can waltz back in later. At most you’ve just removed the symptom of the problem.

You need to start working your way through these resources:

• https://codex.www.ads-software.com/FAQ_My_site_was_hacked
• https://www.ads-software.com/support/topic/268083#post-1065779
• https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
• https://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:

• https://sitecheck.sucuri.net/scanner/
• https://www.unmaskparasites.com/
• https://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Resolving a hacked installation is a big deal and if you don’t have enough time to deal with it then you can hire a reputable company to resolve it for you.

If it’s a plugin / theme that is the www.ads-software.com directories make sure to make a post so the moderators can take a further look as well.

Before that and before suspecting it’s a problem with a plugin, you can check the plugin source code and see if there really is a vulnerability, malicious code or advertisement in the plugin.

It is rare for a plugin to go bad like this. It is far more likely that the website was hacked and the hacker added spam to a location like a plugin.

Edit: If you do find it is a problem with a plugin (and you can point to a line of code) then please email the plugins team directly and do not disclose vulnerabilities on the forums or publicly elsewhere. The email address is [email protected].

• This reply was modified 7 years, 2 months ago by Andrew Nevins.
• This reply was modified 7 years, 2 months ago by Andrew Nevins.

Thanks for dropping in & the extra insights @anevins . Those links are pretty valuable ! ??