Site breaking down occasionally and pasting plugin texts on page html itself

Hi.
So finally I got a chance to try and show you an issue we have been fighting for a while now.

For some reason, once – twice a week, we have plugins that are breaking the website. we are not sure exactly what happens and why, and our “dev” is having a hard time making sense and finding the issue.

this happened several times, each time seemed like another plugin created the issue.

I am not sure even when to start.
Another funny thing is, when this happened, I copied the live site to a staging environment to show you.
When looking at it from incognito – I can see the issue.
When logging in – it is gone.
When this happens on live – the issue mostly shows on both frontend and backend, and is shown to both logged in and guest users.

can you please help us find where it comes from?
We had to turn wordfence off one of the times when it happened.
Then we had it with the wp import pro [ I think dev made a rollback to make it work again ].

I need to pinpoint the issue.
I also stated already that there are a few old codes and templates on the website – you said it should be fine.
But seems something is effin it all up. please help !

Attachments:

You must be logged in to view attached files.

I see now that it seems to not be present on the staging, even though I did create it while we had the issue.
🙁 not sure how I can make it happen again to show it to you.

The only thing I know and forgot to write is that when it happens, the file functions.php in the child theme is changing to the texts we are seeing on the pages.

Hello,

To better assist you, could you kindly test the functionality with default WordPress themes such as TwentyTwenty or WooCommerce Storefront? This will help us determine whether the issue stems from our theme or elsewhere.

Regards

Hi, I would love to be able to test it.
Unfortunately, it happens on our live site, which makes us lose sales.
So every time it happened we done all we can to fix it as fast as possible.

I copied the website to the staging environment to try and keep the issue, but it seems it is not present anymore.
So now, I cannot even try and test it…

No idea how to replicate, since we have no idea what makes it happen in the first place.
We are so lost with this. and it visits us around twice a week. Often on weekend, so it takes time to even notice that there is an issue.

Is there any other way to try and find the reason for it happening? it costs us money and orders, clients are too afraid to order when they see scripts and codes printed on the page they browse.

Worst case, I will try to wait for it to happen again and then test if swapping the theme helps.

okay, so I noticed that from incognito, I did still see the issue, even after Ctrl+F5 and cache cleaning on both sides.

So I tried to change the Theme to Twenty Twenty-Five and it removed the text from the html body.
I moved back to our child theme based on WoodMart – and the texts came straight back on the incognito user.

Now, this time the text seems to be related to the plugin that updates stocks on our site [ if something sold in shop, site updates as well ].
Previous time it was the WordFence, and before that it was the stock notifier plugin.
Also, this time when it happened – the Elementor was GONE on our site. Had to rollback…

Anyway, seems like part of the problem still persists and can be seen. Seems it does have a connection to the theme [ or at least files used with the theme ].

current text we get:
componentsCounter = 0, fusionUsedComponents = [], // eslint-disable-line no-unused-vars postContent = jQuery( '#content' ).text(); // eslint-disable-line no-unused-vars // Loop over all available elements and add them to Avada Builder. sortedElements = _.sortBy( fusionAllElements, function( element ) { return element.name.toLowerCase(); } ); _.each( sortedElements, function( element ) { var newElement, targetObject = fusionGeneratorElements; if ( 'undefined' === typeof element.hide_from_builder ) { newElement = { title: element.name, label: element.shortcode }; if ( 'undefined' !== typeof element.component && element.component ) { targetObject = fusionComponents; } if ( 'undefined' !== typeof element.allow_in_form && element.allow_in_form ) { fusionFormComponents.push( newElement ); } if ( 'undefined' !== typeof element.form_component && element.form_component ) { fusionFormComponents.push( newElement ); return; } if ( 'undefined' === typeof element.generator_only && 'undefined' === typeof element.form_component ) { fusionElements.push( newElement ); } targetObject.push( Object.assign( {}, newElement, { generator_only: 'undefined' !== typeof element.generator_only ? true : element.generator_only, templates: 'undefined' !== typeof element.templates ? element.templates : false, components_per_template: 'undefined' !== typeof element.components_per_template ? element.components_per_template : false, template_tooltip: 'undefined' !== typeof element.template_tooltip ? element.template_tooltip : false } ) ); } } ); // Filter compoments. fusionComponents.forEach( function( component ) { if ( 'string' === typeof fusionBuilderConfig.template_category && ( 'object' !== typeof component.templates || component.templates.includes( fusionBuilderConfig.template_category ) ) ) { componentsCounter++; } } ); FusionPageBuilder.ViewManager = Backbone.Model.extend( { defaults: { modules: fusionElements, generator_elements: fusionGeneratorElements, components: fusionComponents, componentsCounter: componentsCounter, elementCount: 0, form_components: fusionFormComponents, views: {} }, getView: function( cid ) { return this.get( 'views' )[ cid ]; }, getChildViews: function( parentID ) { var views = this.get( 'views' ), childViews = {}; _.each( views, function( view, key ) { if ( parentID === view.model.attributes.parent ) { childViews[ key ] = view; } } ); return childViews; }, generateCid: function() { var elementCount = this.get( 'elementCount' ) + 1; this.set( { elementCount: elementCount } ); return elementCount; }, addView: function( cid, view ) { var views = this.get( 'views' ); views[ cid ] = view; this.set( { views: views } ); }, removeView: function( cid ) { var views = this.get( 'views' ), updatedViews = {}; _.each( views, function( value, key ) { if ( key != cid ) { // jshint ignore:line updatedViews[ key ] = value; } } ); this.set( { views: updatedViews } ); }, removeViews: function() { var updatedViews = {}; this.set( { views: updatedViews } ); }, countElementsByType: function( elementType ) { var views = this.get( 'views' ), num = 0; _.each( views, function( view ) { if ( view.model.attributes.element_type === elementType ) { num++; } } ); return num; } } ); window.FusionPageBuilderViewManager = new FusionPageBuilder.ViewManager(); // jshint ignore:line } ); }( jQuery ) )

Any help would be greatly appreciated. Our programmer did not manage to find the root of the issue and it has been like that for more than a month already.

Hello,

There is no such code in our theme by default. As we can see, it contains the name of some third-party page builder https://gyazo.com/c2751dd5ed66e28a9445ff96d092ca2d
Probably, it comes from one of the installed plugins or themes that was used before WoodMart.
Anyway, if you want us to check it further, you need to keep all plugins that are not related to our theme temporarily turned off.

Kind Regards

hey, I added login credentials under the first message.
On the staging website you can turn on and off anything you want I think.
it is not in use and was created only to try and show the issue.

The code is not really important I think, since each time we had other codes, from different plugins.
The one thing I did see, is that in each occasion, the functions.php was re-written with the same code that pops up on the html.

I mean, the code showing up is connected to the issue, but the codes are different each time and are coming from different plugins each time [ we had elementor codes the first time it happend, we had wp-import codes, which is the fusion we see now if I am not mistaken, we had codes from WordFence … everytime it takes a part of code of one of the plugins and pushes it into the html.

You are welcome to do anything, turn off and on what ever you think might help to find the issue.
I just hope we can fix it asap and that the fix won’t make us forego something important

I have one more thing I realized now –
I think it all started happening around the time I found out the issue with the instagram div showing up on one product.
[ this post : https://xtemos.com/forums/topic/wd-instagram-below-related-and-upsells-after-update/ ]
Could it be connected?

And unfortunately, as I have said, I copied the live site to staging to try and replicate the issue, but it seemed to not show up [ except for incognito users ]. Turning WP-Rocket off – removed the codes to incognito users, so now trying to show it is a lot harder.

Hello,

No, it is not related to that support request. Also, there is no such code on your website now so we can check what is wrong.

Kind Regards

next time it happens I will try to clone it to the staging site again, hopefully this time it would keep the issue.

is there no way to try and find out why it happens through logs or something?

We need to see this issue live to understand where the code is coming from and if it has any relation to the theme.

Well, while it is not the issue as we have seen it until now, I have something that seems to be connected.
Copying into the staging environment now.

Was trying to create a popup for the Black Friday sales – Noticed that I have codes beneath the popup editing.
Can see them in preview as well. it is the closes to imitate the problem we have been seeing. at least , this time it is not on every page on the website. On the other hand, I have noticed that I CANNOT create the popup. it doesnot work as it did before. This time the code is elementor code…

I hope this brings us a little bit closer to understanding what happened and where it comes from.
Also, staging is working fine when logged in, but Incognito should see the code issue on homepage again, at least for me it is happening now after cloning the site to staging.

Please help <3

Attachments:

You must be logged in to view attached files.

Hello,

This website is totally broken for us at the moment. Here is a screenshot https://gyazo.com/249a201b3856001aaccc67afd35ab8b3
Could you please disable all plugins that are not related to our theme and send us your admin access?

Kind Regards

Hey Artyom, You have a login in the first message with a link to the staging area.

On the staging area you are welcome to turn on and off everything you would like [ as long as it should not affect the live site ].
You have the freedom as long as we can fix it.

Also, I had the issue happen again on our live website [ mid Black Friday sales, so I rolled it back asap ].
I had codes injected intomy functions,php. – this time it was added before my codes, it did not erase all of it.

I add a link in private area to the drive since your wordfence won’t let me paste the code here

As we can see, this code looks like a virus. It seems that your website has a backdoor somewhere or someone has access to your website to customize these files. You need to consult with the hosting provider and ask them to check your website for viruses and remove them.

[Author]

Posts