Wendihihihi

According to Joost it’s (all) the themes… ??

Of course it’s a bug otherwise it would be related to all the themes we are using.

@joost Always the others, right Joost?

Ow, btw, for people who made there own layout based on the current plugin, will their theme be broken?

Yes, you are right. That should do it. Thanks

Sounds good. In January/February I’m going to make a theme for the WC so I’ll be having a look at the plugin by then as well.

No. Joost is famous for not replying. Update takes 6 months.

Yep, here as well. Can’t get rid of it while options is set to disable.

Not sure if that would solve it. I need 3 images on some pages and 4 images on other.

Hi,

That’s possible, no problem.

If you want to add the code without plugin you could also use this code. It sends an event to Analytics every 10 seconds, but also every time when they scroll down the page.

<script type="text/javascript">
var _gaq = _gaq || [];
 _gaq.push(['_setAccount', 'UA-xxxxxxxx-1']);
 _gaq.push(['_trackPageview']);
setTimeout(function() {
 window.onscroll = function() {
 window.onscroll = null; // Only track the event once
 _gaq.push(['_trackEvent', 'scroll', 'read']);
 }
 }, 10000);
(function() {
 var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
 ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'https://www') + '.google-analytics.com/ga.js';
 var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
 })();
</script>

Since there has been no reply, I fixed it myself and get the real ip address.

Thanks

Uhh, you do know that Yoast doesn’t reply, right?

You did look at the settings, right?

Autotag only a post when terms finded in the content are a the same name. (whole word only)

I don’t know if this is English, though…

It’s only present in aioseop_module.css.

Your hosts are the only ones who have (had?) this. ??

Not sure if I understand this line ??

See: https://www.google.com/search?q=0wnz+by+M4d3X

esmi is trying to help, Bilbo101. It’s also difficult to know what level of knowledge we have, so esmi has to start at the beginning and narrow things down. It was a summary of what we already know, indeed, but maybe helpful to others.

When I look in Google at the websites affected it is totally random to me. I don’t believe it is a vulnerability in WordPress, because then so many more websites must have been hacked.

I’d also like to rule out the possibility of an infected computer since I’m quite sure mine is clean.

As Bilbo101 said, an insecure plugin might also not be the case since not all sites use the same plugins.

I think I would go for option (1), via another insecure site or application on the server. But they will never admit.

@esmi: I assume you have changed all FTP, hosting account and site passwords yes? I have changed hosts (and passwords), lol.

Still hoping for someone with an access log, but I don’t think it will be there because it’s just a script that the hacker was running including deleting of the last month of the log.