Find answers, ask questions, and connect with our
community around the world.

Activity Forums Web Design [Malware infection] How do I get rid of this persisting redirect virus on my WordPress website?

  • [Malware infection] How do I get rid of this persisting redirect virus on my WordPress website?

    updated 2 weeks, 5 days ago 0 Member · 1 Post
  • Maverick

    Member
    October 30, 2019 at 7:02 am

    So I am running two identical WordPress websites that only differ in language: http://www.website1.com (English) http://int.website1.com (non-English) They are two separate installations of WordPress, but almost identical, since only change is language. Some time ago I got a redirect virus on first English website (main site). It changes wp_posts to inject malware code that redirects website to advertising sites. Code looks like this: It inserts in all wp_posts database entries and also wp_options website url gets changed automatically to malware site. I always clean these with a MySQL command that goes through all entries and removes it. It is always different, sometimes it is obfuscated eval code. Also, a new wordpress admit gets created each time. This attack happens once every few weeks or so. I tried deleting pretty much all plugins and deleting any files I could find on server, htaccess, everything, but nothing helped. Then finally, since int.website.com (second website) has no virus I just deleted main website and copied its file contents entirely and assigned it the first websites database. I thought this would be the fix, since the files are “clean” as second site has no virus redirecting it. But the virus appeared AGAIN! So question is: what do I do now? Can the virus be sitting in the mysql database? If yess, where? I tried looking for it by searching whole database for http entries, but could not find anything. I even had a web dev look through files and he also could not find anything. I have 3 more websites running on this server, also wordpress and they are all fine. It is sonly this one website that is affected. I really could use help with this. Thanks! – by hq overview RealHedgeFund – –

Reply to: Maverick
Your information:

Cancel
Original Post
0 of 0 posts June 2018
Now