So many iframes, easy way to find source of injected ads?

I just noticed one of these "…" on a client's site. She doesn't know which plugin is adding the links. So one of the many scripts on her site is looking for keywords, in this case the title "Best Resources" and making that text into an affiliate link.

Of course I can disable each script on her site, one at a time, till I find the culprit--looks like that's my best option at this point. It would be really cool if jsunpack was modified to scan all the iframed javascripts of a URL for inline text ad injections and show some warnings when those are found.

2 Replies

If you care to RT this on Twitter:

WordPress plugins robbing you blind? #wordpress #plugins

Could generate more interest in this subject.

Turns out this time it was not a javascript injection, and probably not a plugin injection either.

Explanation turned out to be really simple–another widget had a tag that wasn't closed.

However, after dealing with another site's iframe-javascript injections over the weekend, I'm more cautious about rampant javascripts getting out of control.
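
The second reply traces the stray link to a widget with an unclosed tag. As an added example (not part of the original thread), this Python sketch checks each widget's HTML fragment for elements that are opened but never closed; the widget names, the URLs and the assumption that each widget's markup is available as a separate string are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that never take a closing tag.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class UnclosedTagFinder(HTMLParser):
    """Tracks open elements in one HTML fragment and records those never closed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # (tag, line, href) for each element still open
        self.unclosed = []   # elements skipped over by a later end tag

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append((tag, self.getpos()[0], dict(attrs).get("href")))

    def handle_endtag(self, tag):
        # Find the nearest matching open element; anything opened after it
        # was left unclosed inside it. A stray end tag is ignored.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                self.unclosed.extend(self.stack[i + 1:])
                del self.stack[i:]
                return

def audit_fragments(fragments):
    """Return {name: [(tag, line, href), ...]} for fragments with unclosed tags."""
    report = {}
    for name, html in fragments.items():
        finder = UnclosedTagFinder()
        finder.feed(html)
        finder.close()
        leftovers = finder.unclosed + finder.stack
        if leftovers:
            report[name] = leftovers
    return report

# Constructed sample widgets; names and URLs are made up for this example.
SAMPLE_WIDGETS = {
    "text-2": '<p>Our sponsor:\n<a href="https://ads.example/ref?id=1">Shop now</p>',
    "text-3": "<h3>Best Resources</h3>\n<ul><li>One</li></ul>",
    "banner": '<div><img src="b.png"><br><a href="https://example.org/">ok</a></div>',
}

if __name__ == "__main__":
    for name, tags in audit_fragments(SAMPLE_WIDGETS).items():
        for tag, line, href in tags:
            print(f"{name}: <{tag}> opened on line {line} never closed (href={href})")
```

An unclosed `<a>` is the case that turns the text after it into a link, so the reported `href` shows where the unexpected link points. Elements whose end tag is optional in HTML, such as `<p>` or `<li>`, are also reported and can be ignored.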

