My website is www.thetechgears.com,a pop-up window opens up in the site leading to perfectmatch.com, but I am sure I haven’t installed any ad-code, especially pop-up of this kind. I tried to figure out the location of the code but failed.
While the pop-up loads I could see some URL like anrdoezrs.net loading, this could be a hint in tracing.
Is the code located within database or somewhere else?
Check your
.htaccess
file in the root of your WordPress installation. Normally, when your wordpress has been compromised attackers inject code into the .htaccess file, which will redirect your site to other sites.If your
.htaccess
file is clean, then check yourindex.php
andheader.php
in your theme folder and also theindex.php
in your root folder.I tried to figure out the malware ad-code, but couldn’t locate it. So, I just re-installed everything and made the installation more secure by using WordPress security plugins like “All In One WP Security”, “Better WP Security” and “Wordfence Security”
But be cautious while tweaking settings of these plugins, as over-tweaking may lock-out the site for admins too. Before installing, take a backup of your .htaccess file