My website is www.thetechgears.com,a pop-up window opens up in the site leading to perfectmatch.com, but I am sure I haven’t installed any ad-code, especially pop-up of this kind. I tried to figure out the location of the code but failed.
While the pop-up loads I could see some URL like anrdoezrs.net loading, this could be a hint in tracing.
Is the code located within database or somewhere else?
Check your
.htaccessfile in the root of your WordPress installation. Normally, when your wordpress has been compromised attackers inject code into the .htaccess file, which will redirect your site to other sites.If your
.htaccessfile is clean, then check yourindex.phpandheader.phpin your theme folder and also theindex.phpin your root folder.I tried to figure out the malware ad-code, but couldn’t locate it. So, I just re-installed everything and made the installation more secure by using WordPress security plugins like “All In One WP Security”, “Better WP Security” and “Wordfence Security”
But be cautious while tweaking settings of these plugins, as over-tweaking may lock-out the site for admins too. Before installing, take a backup of your .htaccess file