Text Enhance Adware now infecting WordPress through Tinymce

Add Comment


If you have spent any time on the internet I am sure you have seen sites with underlined links in their content. Usually this is linking you to something they want you to see of another page to go to.

However there are other types of links that when you put your mouse over them they pop-up with an advertisement.

Sometimes the website wants them there and other times they don’t.

Other times it is your machine that is infected with a virus of sorts that is causing this. One well known source for this is Text Enhance.

What is Text Enhance?

Text Enhance (Text-Enhance) is a form of bundled flash adware (categorized as a browser hijacker) that attaches to internet browsers as an extension and cookie without user consent. The primary website for Text Enhance does not allow users to download their extension, nor can their extension be found on Google Chrome’s extension database, nor any other browser’s add on database for that matter. In other words, Text Enhance is not a realistic in text advertising service.

An example of what it looks like in your browser is this:


When you hover the link above this ad pops-up, this is all to make you leave the site and hit whatever site they are directing you to.

So if it is a virus on a users computer why do we need to worry about it in the WordPress world?

Well it seems that if a user has this virus installed on their system and they are posting a blog post to a WordPress website/blog the virus will embed the JavaScript necessary to invoke these ads on the site.

How is this doing it?

So far the only way I can tell is it is exploiting the browser some how and using TinyMce as the gateway to get the code published to the blog.

You can see here a post that is using the visual editor has no knowledge of anything wrong:

Click to enlarge

But if you change to the html editor you will see the malicious code:

Click to enlarge
Click to enlarge

So what can one do?

Well for starters you should remove the virus from your system if it is in fact infected. You can read a great article on how to do that here.

Other things you should be doing are keeping all your software up to date including WordPress and all plugins. And be sure to be running a good anti-virus program on your computer.

Please let me know if you have any questions or if I can help clear anything up for you.



( If you are reading this anywhere but my blog, you can find the original post here. )

8 thoughts on “Text Enhance Adware now infecting WordPress through Tinymce”

  1. hey Phil, I’ve been pulled my hair out. Try to figure out how to get Text enhance off my client site http://calgarytelephone.ca/ anything you can do to help me I be happy to give you something in return.

    I disabled all the plug-ins, and it still showed up, contacted the hosting provider with no luck. Look at all the code on the backend can’t find nothing at all.

    any input you have would be much appreciated

        • I sent you an email about it, didn’t you receive it? You need to use a computer that is not infected and go into your page editor. Be sure to click on text and not html tab in WordPress so you can see the code at the bottom of your post content…

          • hi Phil, I got your email, is there any way You can help me get this stupid shit off the website.
            But that doesn’t really help me what you said. I’m still trying to figure out where the hell this crap is inside the website is in a plug-in or somewhere else. And how do I get it off the site.

          • Hey Allan,

            Sorry that you are having so much trouble with this. I doubt it is a plugin, the code is usually just inserted in your text area where you create content. Like I said if you need help send me an email or use the contact form here. I can fix it for you if you need, my rates are very reasonable as well…

Leave a Comment

11 + 9 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.