Hate hackers? Me too. Cleaning up their messes can be time consuming, but that’s where Iframe-B-Gone comes in. With the power of regular expressions, Iframe-B-Gone is a WordPress plugin that can detect and remove unwanted code that may have arrived via SQL injection.

Table of Contents

  1. Purpose
  2. Download
  3. Installation
  4. Basic Usage
  5. Advanced Usage
  6. Version History and Changelog
  7. Legal
  8. License


Iframe-B-Gone is a WordPress plugin compatible with WordPress 2.5 and up. This plugin will scan, detect, and clean up unwanted iframes, and other code contained within the posts and links tables, the two most attacked by SQL injections.


Latest Stable Release: Iframe-B-Gone 1.1.0


  1. Download the plugin zip archive, see Download section.
  2. Extract the contents of the zip archive into your plugins folder (wp-content/plugins).
  3. Enable the plugin in the administration panel under the plugins section.
  4. Continue onto the Basic Usage section.

Basic Usage

Simply navigate to Manage>Iframe-B-Gone, a quick scan will be performed upon visiting the page. A list of possibly infected posts/pages will be presented, with the possibly malicious keywords highlighted. Click the clean button to let Iframe-B-Gone automatically clean up the page, or press the Edit button to manually clean the page.

Advanced Usage

Using the Advanced scan form, regular expressions can be used in the searching for malicious insertions. Matches made by this use may not be removed by the clean button, and should be manually inspected and cleaned.

Version History and Changelog

  • 1.1.0 [6-27-2008]:
    New Feature: Search multiple terms at a time in non-regular expression mode.
    New Feature: Updated to match the WordPress 2.5 dashboard look and feel.
    New Feature: Uses wp_nonce for added protection.
  • 1.0.0 [12-13-2007]:
    Initial release.

Due to the nature of this plugin, any malfunction may cause loss of data or corruption to posts, pages, or links being cleaned at the time of error. Thus, it is necessary to clarify that this plugin is provided “as is” and comes with absolutely no warranty. The author shall not be held liable for damages caused by this plugin. By downloading this plugin the user waives the author of all liabilities.


Iframe-B-Gone is released under the GNU GPL 2.0 license and comes with absolutely no warranty. By downloading Iframe-B-Gone you agree to the terms of the GNU GPL 2.0 license.


  1. Pingback: Mtekk’s Crib » Iframe-B-Gone 1.0.0

  2. Pingback: Mtekk’s Crib » Iframe-B-Gone 1.1

13 thoughts on “Iframe-B-Gone

  1. Yeah, the download management plug-in I was using is, well, (still) incompatible with WordPress 2.5. So for Breadcrumb NavXT I fixed up the links, but here I still haven’t. There are some changes in 2.5 that I really need to account for in the design of this plug-in, and probably won’t post a link to it until I make those changes.

    -John Havlik

  2. No problem :-)

    I’m mainly posting this comment to see how the new DB server does on inserts. So far the WP “search feature seems to be snappier so that’s a good sign!

  3. I installed the plugin and got this message at this moment I don’t know what it means:

    Aborting: WordPress API Malfunction

    For some reason the function get_currentuserinfo() did not behave as expected. Your user_level seems to be null. This can be resolved by navigationg to the Users section of the WordPress administrative interface. In this section check the user that you use for administrative purposes. Then under the drop down labled “change role to…” select administrator. Now click the change button. Should you still recieve this error please report this bug to the plug-in author. In your report please specify your WordPress version, PHP version, Apache (or whatever HTTP server you are using) verion, and the version of the plug-in you are using.
    WordPress version: 2.6.1
    PHP version: 4.4.8
    Plug-in version: 1.1.0

  4. EGA,

    You need to upgrade to a modern PHP version. PHP4 support was completely ended by the entire PHP community in August. I’m almost positive its a PHP4 bug in the WordPress API. What is happening is in the permissions checking function, something that should return a value is NULL and the current user is not an administrator. The cause of this is not exactly known, but seems to happen in PHP4 environments.

    -John Havlik

  5. Maybe I am missing something here, but it does not seem to work for me. I have an iframe that I just noticed today…the CSS Coloring option made it visible, and unchecking it made it go away…but the scanner does not see any iframes on the site. I have all of the defaults set up so it is looking for ‘iframe’ in wp_posts. I am using WP 2.7.1. How can I get rid of this iframe []

    • Michael,

      This plugin does not check your theme, plugin, or WordPress files for iframes. If you have your read/write/execute permissions set correctly your files should not be hackable, but in your case I’d look at your theme files for the iframe code.

      -John Havlik

Comments are closed.