Wordpress breaking only in IE9

Question

I was recently hired by a new company and one of my duties is upkeep on old sites. It's recently been brought to my attention that one of Wordpresses is broken in IE9.

www.nexoslatinos.com

I've tried deactivating all plugins, no fix.

I've tried switching to default themes, even they appear broken.

I've opened the developer tools in IE9 and it's rendering the site in what it calls "Quirks Mode"??

The theme is for the most part identical to the theme found in the spanish translation version: www.nexoslatinos.com/espanol which is rendering fine in IE9. When taking the Spanish translation theme and applying it to the first wordpress, it breaks. The two themes also run identical plugins. They are however, different wordpress installations.

When I view the source for the page, I am getting a strange line of code before the doctype:

<!--331c6883dd6010864b7ead130be77cd5-->

Could this be throwing off IE9? I haven't been able to locate the code's origin, but it stuck out when reviewing the site in my initial troubleshooting.

The code for the theme is a bit of a mess and isn't valid, but despite that is displaying fine in Chrome, FF, and Safari.

Thoughts? Insights?

Answer 1

This sounds to me like it could be a file encoding issue. I would recommend checking to make sure all of the php files that make up the theme as well as all Wordpress core files that might have been modified are UTF-8. You can do that in your code editor, or by checking each file here: http://people.w3.org/rishida/utils/bomtester/

A quicker way to narrow down the scope of potentially problematic files might be to create a clean dummy Wordpress installation and activate the seemingly problematic theme. If the problem is still there, it's got to be a problem with one of your theme files. If it's not there, I suspect that there might have been some unsound edits made to the Wordpress core files.

Answer 2

That comment (not code) is an MD5 hash of "pizda" -- which is a eastern european pejorative meaning vagina in various languages. You can see this http://en.wiktionary.org/wiki/pizda for ethnological details.

Check your WP theme for code fragments that might look suspicious. If it's not there, check apache configuration for a site-wide server-side include (SSI).

Don't mean to alarm you as I didn't look at the site, but I would check files, database for malware, whether server-side, client side, or both. Not 100% sure, but additionally there is a pizda kernel exploit - you may want to have the hosting machines checked.