Code snippet left in header

elviejiton · #1 May 16, 2016, 09:33 AM

Before discovering this forum, I tried to create rotating, linked header images using the WordPress Responsive Image Header Slider Plugin. It didn't work to my satisfaction (or I couldn't figure out how to get it to work), so I deactivated and deleted the plugin and the code snippets that it had suggested inserting (shortcode).

Unfortunately, I am left with a different code snippet in the header area: body class="home blog logged-in admin-bar no-customize-support" > which I don't know where it came from or how to get rid of it.

Any suggestions would be appreciated.

juggledad · #2 May 16, 2016, 09:56 AM

have you tried disabling ALL your plugins to see if there is a conflict?
what is the url?
go to ATO->export/import and export your settings then attach them to a reply (use the paper clip icon)

elviejiton · #3 May 18, 2016, 10:01 AM

The URL is www.prineb.org

I haven't tried disabling all plugins yet.

Thanks for any help.

juggledad · #4 May 18, 2016, 12:19 PM

Quote:

I haven't tried disabling all plugins yet.

well let me know what happens when you do disable them ALL.

elviejiton · #5 May 18, 2016, 08:31 PM

I deactivated all the plugins and there was no change to the code snippet found at the top of the website.

juggledad · #6 May 18, 2016, 09:27 PM

Odd, with your settings I have no issue. You haven't modified any of the theme code by any chance?

elviejiton · #7 May 18, 2016, 10:37 PM

Not that I'm aware of. But would it make sense to reinstall Atahualpa to find out if that fixes it? I've thought of doing that by installing another theme, then deleting atahualpa, then installing atahualpa and deleting the other theme.

It probably would make sense to mention that somehow all the post permalinks, including the comment links, have been changed to the "contact us" page. This happened within the past few weeks, I believe, and was not done (consciously, at least) by me; and there is no one else with access. But I would be happy to deal with one problem at a time.

juggledad · #8 May 19, 2016, 04:00 AM

before you reinstall, take a look at the atahualpa (v3.7.24) header.php file and look at line 62 does it match the following?

HTML Code:

<body <?php body_class(); ?> <?php bfa_incl('html_inserts_body_tag'); ?>>

elviejiton · #9 May 19, 2016, 10:16 AM

Fantastic! You found it. The initial "<" had somehow disappeared from that line. I inserted it and the obtrusive code snippet went away.

Now I'm going to restore the WordPress database from backup to get rid of the bizarre links mentioned above and explore whether WordPress has two-factor identification for passwords - especially for administrator - to reduce the chances of such silly things happening again.

Thanks!

juggledad · #10 May 19, 2016, 11:12 AM

Ummm if you didn't change that code, I'd be worried about a hack. I would install the plug-in wordfence I'm going to scan on your site including all of your plug-ins and templates.

elviejiton · #11 May 20, 2016, 09:50 AM

I already had the "Login Security Solution" plugin activated, although I hadn't changed the admin password for way too long. Let me know if you think there is a clear benefit for Wordfence over Login Security Solution.

juggledad · #12 May 20, 2016, 12:47 PM

Wordfence can scan the code on the site to see if it has been changed.

The issue is that unless you changed the code it can't change on its own. And the worry is someone has hacked your site. Doing a scan will give you more information.

If I discovered a file had been changed without my doing it, I would be treating it as a hack.