Adverts Appearing on My Wordpress Site

Hi Guys,

One of my wordpress sites has suddenly started having adverts appear on it. For example if you go to my site via a mobile phone you are directed to an advert with something like "no thanks take me to the site" which you have to click to go to my site. If you visit the site via a laptop there is a banner at the top of the page.

I have no idea how this is happening. I gather it is probably a plugin that I have activated but for the life of me can't work out which one. I have tried deactivated them one by one but it doesn't help.

I have also tried loking in the header code but to be honest i have no idea what I'm looking for.

I've also just noticed there is a sign up to our database pop at the bottom which is nothing I have activated. no idea what it signs up to. Something to do with Philologos.

Any suggestions? (i appreciate you may need more info to help but not sure what I need to provide and what is safe to provide on a big forum like this).

Any help would be appreciated.

You've been hacked. If it only occurs on IOS devices the fix is pretty simple. Download something like BulletProof plugin and it will fix your Robots.Txt and other config files that the hacker fecked up.

https://en-gb.wordpress.org/plugins/bulletproof-security/

There are paid solutions as well, and if you only have one money site then using something like Securi might be an idea.

There are lots of hacks, but one that redirects and only seems to do it on mobile devices (specifically iOS ones) is a particular one that is pervasive, but not that hard to fix for free.

Scritty

Yeah, looks like you've been hacked mate. I personally wouldn't trust a plugin to solve this for me.
Hire a good freelancer to get this sorted and try to get to the bottom of it.
Bruteforce solution: sqldump post data, nuke the whole site and reinstall latest WP from scratch.

check your wp-config.php file,or your .httaccess file is highy the one responsible, the one causing this which means a code is being injected to it by a script some of the plugins to fix this can only protect it but wont get ri of the codes check them manullay or hire an expert also check your hombese files to see it there are file that are not sopposed to be there by default wp installation this files are usually
code.php
updater.php
mywebsite.php
etc the list continues

go through the plugins and turn off one by one to isolate if it is a plugin. Some plugins that are free can do this type of thing, i doubt if you have been hacked as you'd get a lot worse than that as a hacker wouldn't take the time to hack then just do that.
Run your theme through this, it checks the whole theme for malicious code, which maybe what's happening.
https://wordpress.org/plugins/tac/

blogzandstuff said:

go through the plugins and turn off one by one to isolate if it is a plugin. Some plugins that are free can do this type of thing, i doubt if you have been hacked as you'd get a lot worse than that as a hacker wouldn't take the time to hack then just do that.
Run your theme through this, it checks the whole theme for malicious code, which maybe what's happening.

Click to expand...

I'd have to agree with blogzandstuff. In my experience a true 'hack' doesn't reveal itself so obviously as your server is a precious commodity to them - they wouldn't want their presence to be known! I had my VPS hacked once and only found out after the IP surfaced on some e-mail spam blacklist.

It's more likely a plugin that was 'free' and who's expiration date now expired - showing ads. The worst part is that you most likely accepted it somewhere

Turn them off all at once - if the ads are gone, try and isolate the bad plugin by re-enabling them one by one. Basically what blogzandstuff said, only the other way around to save you some time if it isn't a plugin. Then it will still be there with all plugins disabled. Ow and change your theme back to the default aswell!

Unfortunately after this happens only a clean install and a complete cleanup of your database dump will guarantee you're clean.