Javascript Injection Prevention On Wordpress

My blog on wordpress gets the following malicious script injected: eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(

Solution 1:

Search with in all your files the following content: eval(function()

It will show you every files that contains this code.

Otherwise, try to search this: base64_decode

This is a function that permit to decode a base64-encoded text, which is often used by malicious PHP files to inject some code that you can't detect by searching eval(

If the problem persists, answer here and I'll try to help you.

Solution 2:

Also, as additional feature to protect your client-side from XSS like that, i can suggest you to use CSP after cleaning your backend from injection. You can read more about it: https://developer.mozilla.org/en/docs/Web/Security/CSP It's not a silver-bullet, but nice to have it for protection of users.