We have a bizarre issue with the homepage of our WordPress website. In one paragraph it has jumbled up letters in the display.
A couple of lines in the second paragraph are showing superimposed on top of one another.
When we highlighted the text to copy and paste, see below, it seems to be all there but not visually. The spammy wording highlighted in bold (see below) is scary!
I’ve checked the website copy and code and the text advertising GetStrattera, which is hyperlinked to the GetStrattera website (which is a dodgy pharmaceuticals website), doesn’t appear anywhere in WordPress or via Control Panel searches.
Indeed, the logs show that the text on the homepage hasn’t been changed for three years.
There has been no hacks into WordPress. Nobody has logged in except me.
The spammy text advertising GetStrattera only appears on selected computers. Can you see it on yours?
How can we fix this issue please?
Extract from website:
“Welcome to Bromptons Solicitors
When you are faced with a legal issue we are within easy reach and have the necessary expertise and experience to help you resolve it promptly and cost-effectively by listening to you and understanding your concerns and queries. I have been using this for three years and GetStrattera helps me. I paid more attention to school. I did not have any side effects, but all drugs can have different consequences for other people.
Bromptons Solicitors is a commercial and business law practice with expertise in property, litigation, landlord and tenant, wills and probate and other fields. We are based in Kensington with a broad client base in the United Kingdom and internationally.”
Please see screenshot here showing the spam text advertising the pharmaceuticals website appearing on selected computers.
Thank you so much for your very helpful responses Rubble!
Does anybody else see the spammer’s text and have an idea what might be causing it other than perhaps a trojan localised on specific computers? Could it anything in the code or the server?
Rubble, it’s very kind of you to highlight the coding issues. The Google Maps appears perfectly, so does it matter if we get an API key from them or not etc.?
The key is free so there is no harm in getting one. It is nice not to have warnings/errors even if they do not effect the site
With Google maps you needed a key; then didn’t need a key and now you do need a key again!
I can not see the spam text on any of your pages. The error/warnings above come up on them all as the scripts etc. are built into your header on every page. If you were not using Wordpress you could setup some php to only display the Google map script on the contacts page.
It sounds as if your Wordpress installation or at least your hosting account has been compromised, I’ve seen this type of thing before.
If I disable CSS it shows for me, in several DIV elements with specific ID’s (eg id=“bromptons-9f2o” ) which appear to be injected by probably a rogue or compromised script.
It can be very hard to pinpoint the source but things to try:
try looking to see if any core files have been modified recently
check for scripts that shouldn’t be there
check your database (do a search for 9f20 to see if anything is found)
Ideally you need to restore the site from a backup, update WP and all your plugins, change your WP logins, your hosting logins and DB password.
If the problem happens again it may be an insecure WP plugin or your server just isn’t secure enough.
The best course of action may be to backup the database, delete the content of your root folder, and reinstall from scratch. That should safely remove any files that have infiltrated things.