Every day hackers sit out there an pray on good sites for no good reason.  Some days they are even successful.  In the past few months I’ve worked with a few blogs to detect and remove hidden code that was causing various unwanted issues.  It happens to the best of blogs, and knowing how to find and remove it is just as important as trying to prevent it.

Blog #1 - The iFrame - The first indicator that something was wrong here was the time it took the blog to load.  It seemed abnormally long.  I popped open Safari’s activity window and noticed it was connecting out to an IP address that I didn’t recognize.

When the did finally load, it then asked me if I wanted to run a Java applet.  Huge red flag there.  It took some digging but I found a lot of files contained some iFrame code that was loading badware from an external site.

To fix, I deleted and re-uploaded all the files I could, and walked though each theme and plugin file to find any traces of code that should not be there.  Once cleaned out, the site ran much smoother.