Forums

WordPress › Support » How-To and Troubleshooting

Malware detected on my site (6 posts)

  1. jobradders
    Member
    Posted 6 months ago #

    Hello - I have read various posts here and I can't find a solution that exactly matches my problem - hope someone may be able to help me.

    A few weeks ago I logged into wordpress and noticed a someone had added themselves as an admin user - I removed them immediately and updated to latest version of WordPress.

    Since then I sporadically see malware warnings when I'm trying to access our site - I think it's just when I'm accessing via Chrome - haven't managed to replicate the message in Firefox oe IE anyway.

    A few potential customers have also received this warning and our bounce rate did increase a couple of weeks ago,

    I'm not a wordpress expert by any stretch so I wondered if anyone had had similar problems and could tell me where I need to look to remove anything dodgy that might have been left behind?

    Site is http://www.bladesgrass.co.uk and the first part of the message I'm receiving is this:

    "www.bladesgrass.co.uk contains content from t14.au.mn, a site known to distribute malware. You computer might catch a virus if you visit this site...."

    Obviously quite panicked by this as it's putting off potential customers.

    Many thanks, Jo

  2. keesiemeijer
    moderator
    Posted 6 months ago #

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/
    http://sitecheck.sucuri.net/scanner/

  3. jobradders
    Member
    Posted 6 months ago #

    Thank you I've started reading some of these as well. I think the issue is that I'm worried I will break something by trying to clean up myself.

    I ran the site through http://sitecheck.sucuri.net/scanner/ as you suggested and have found the offending files - is it just a case of deleting these?

    eg: /js/|10n.js

    I can see a few files that were changed on September 15 for example.

    Or am I best to ask someone who really knows what they're doing?

    Thanks again, Jo

  4. keesiemeijer
    moderator
    Posted 6 months ago #

    Start by following the steps outlined here: http://codex.wordpress.org/FAQ_My_site_was_hacked (first link)

  5. jobradders
    Member
    Posted 6 months ago #

    Thanks again.

    In the end I decided it was too important for my limited knowledge and used Sucuri. Highly recommended by the way if anyone else has similar issues.

    Looks like everything is clean now.

    Thanks for all your help.

    Jo

  6. keesiemeijer
    moderator
    Posted 6 months ago #

    No problem. Glad you got it resolved.

Reply

You must log in to post.

About this Topic

Tags