wordpress virus

davids355

Super Moderator
Moderator
Executive VIP
Jr. VIP
Joined
Apr 25, 2011
Messages
19,328
Reaction score
26,631
Discovered this morning that 4 of my wordpress sites had a virus on them - some sort of JS iframe virus or something.
Sorted them out by replacing the index.php file at root of install.

Just wondering how they got compromised - 2 of them were slightly out of date versions (fair enough) but the other two were fully up to date, file permissions look OK, just wondering how they got done..?? grrrr!
 
Hi, i had 3 blogs done a few weeks ago, think it came from a plugin i downloaded on here from user M0g0l, i done the same replaced index.php, but also check you adsense if you have, because mine had been changed.
 
Aughhhrr! Just checked back on one of the sites and the code is back on there (and I had changed password!).

I have now deleted all plugins that I dont definitely trust, changed password again and removed code.

What else can I do?
 
Deleted ALL files from wordpress install. Downloaded fresh copy, re-uploaded, reinstalled few plugins:
all in one SEO
Statcounter
thats it.

Changed password, checked there were NO OTHER USERS.
Two hours later, the malware is back!!!!!!!!
 
This might be stupid question, but did you also delete and re-install your MySQL DB and setup new credentials?
 
No. Then I would lose all my posts wouldnt I?

This might be stupid question, but did you also delete and re-install your MySQL DB and setup new credentials?
 
There should be WP plugins to export and import your posts which you should of course do before deleting DB. I'm quite sure that the virus is lurking in your database. You could also check if there are some tools to scan the db for viruses.

And of course if you know how to use PhPMyAdmin you can export all the relevant tables like wp_comments, wp_links, wp_posts, wp_posts_meta but of course the risk is that virus gets exported along the other data.
 
Last edited:
I don't know how to get malware out off wordpress but I never download any plugins for WP at BHW unless I've paid for them.

Nothing is really free, someone is getting paid somehow with those free plugins you download.
 
There should be WP plugins to export and import your posts which you should of course do before deleting DB. I'm quite sure that the virus is lurking in your database. You could also check if there are some tools to scan the db for viruses.

And of course if you know how to use PhPMyAdmin you can export all the relevant tables like wp_comments, wp_links, wp_posts, wp_posts_meta but of course the risk is that virus gets exported along the other data.

Thanks I might try that. At moment have hardened all security and so far JS has not returned. Will check again tomorrow.
 
Back
Top