candrichuk

Thank you for your quick reply! I do have a paid account with Securi but their reports say my site is fine??? I will email them again and see what is up and will need to hire someone to clean up this mess. Also, I am hosted with GoDaddy but do you recommend a better, more secure host?

Hi there,

I have been experiencing a similar problem as above and have read through all of the documentation provided – thank you. I, too, was getting Payday loan script above my website header and found the code to get rid of in my header.php, however, I am now experiencing another issue with it. When I go to post my website url in a Facebook post https://www.travelagentrevolution.com, I get the following summary as Payday loans: [removed – no need to post that here]
I have found some strange code in my import_settings.php that includes the words global, base64_encode and a series of letters and numbers (info is based on the ottopress link above), however, when I contacted my theme provider, Elegant themes, they told me the code was safe and to do a new install of the theme. I have done that but I still get the same issue. I’m pretty certain I have been hacked and the code is hidden here or in another .php file (I haven’t found anything else unusual) but I do not know what code I need to keep and what to remove. I tried removing some of it and I got a Parse Error with the theme. I am hosted by GoDaddy, not sure if this may be the issue based on some of the reading I have been doing. Here is the code from my import_settings.php, can anyone see if this is my issue and, if yes, what part do I remove?
Thank you for your help!
Cheri

[Do not post hacked code here, please]

Ok, Sucuri it is! Thanks, again, I really appreciate your help!

Thank you, Chris!
I checked out Sucuri and used their free scan of my website and it came out clean – nothing malicious. As I mentioned, I am not technical and do not feel comfortable attempting what you posted above myself. I would rather pay for a service or someone to clean up this mess, however, I want to make sure that Sucuri is the right choice after running the free scan and finding out that my site is clean. If not, what do you recommend?
Thanks, again, for your help!
Cheri

Hi,
I have recently run into a similar problem as discussed in this post. I uploaded a plugin – WP Bulletin Board (since removed and deleted the files) and it looks like it has conflicted with my theme, Aggregate (Elegant Themes) or loaded some type of malicious script. My site is still functioning but I can no longer access my editor as well I have warning script above the editor area (it has been pushed down below the warning script) and I also have warning script when I open up an existing page to edit it – the script is under page attributes (it has eliminated my page theme option). I have emailed Elegant Themes for some help / assistance and have yet to get a response from them. I am not a techie and am feeling a bit desperate as to how to fix this. Can anyone help me with this problem? I have updated WP to 3.5.1. The script I am getting is as follows:

Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

Warning: scandir(/home/content/82/5919282/html/travelagentrevolution/wp-content/themes/Aggregate) [function.scandir]: failed to open dir: Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

Warning: scandir() [function.scandir]: (errno 13): Permission denied in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 980

Warning: Invalid argument supplied for foreach() in /home/content/82/5919282/html/travelagentrevolution/wp-includes/class-wp-theme.php on line 983

Thank you!
Cheri