Support » Fixing WordPress » How do I get rid of hacker script?

  • Hi,

    I got hacked.

    So I was a good boy and did plenty of Googling. Basically, I followed what it said in all the links given in this post, and also here.

    It’s now 5 hours since I discovered I was hacked, and while I’ve cleaned out almost 500 PHP files (filled with base64_decode stuff) there is still something inserting a <script> into my blog. If you look at the source code of any page on my site you’ll see at the very bottom an attempt to redirect the visitor to a bad, bad site.

    Like I said, it’s been 5 hours, and I don’t know what else to do. If anyone can help me out, I’d appreciate it.

    If you’re wondering what I’ve done so far:

    • “Updated” WP to 2.9.2 (which is what I was already using)
    • Changed my FTP password
    • Changed my SQL database password
    • Changed the WP password for both blog users
    • Deleted all base64_decode(blahblah) from PHP files
    • Deleted unused files and folders on my site
    • Cursed

    Thanks for any help you might provide.

Viewing 10 replies - 1 through 10 (of 10 total)
  • As I indicated in my post, I’ve read all those and pretty much gone through what they say. I still can’t find where that <script> command is coming from, and I don’t know enough WP-Fu to know where to look.

    In case anyone cares, I deactivated all my plugins, and the pages now load without the redirect script. It’s hiding in one of the plugins, so I think I’ll just reinstall all of them and let God sort them out.

    Man, I was hacked as well with exactly the same things as you listed!(see thread) What plugins were you using? It could be that the hackers got in to our sites through an SQL injection which means adding things to the database. I could be wrong though


    I suspect I had a file (or more!) with 777 permissions, which is really stupid of me. It doesn’t seem like they touched the database.

    I had a bunch of plugins, but none of the ones that you are using.

    Best of luck with your fight, man. You’ve got it tough 🙁

    Great, I’ve been hacked again. Just woke up and found out; this time instead of redirecting to another site there is a Java script that tries to run. What a fantastic way to start the weekend.

    Have you checked your computer for virus. malware or rootkit?

    Last hack hit me 00:48 Friday. Online scan reported malware java script. Ran full scan on my local system and found 3 new hi.class trojans and one new uut.class (malware) reported as less then a week old. Obviously came from my own site I am developing on shared hosting. Cleaned everything up checked the site on line no malware reported. Today’s local and on line scan clean.

    These are newborns . . hacks-viruses so be aware to update your anti virus definitions.

    Thanks, Steve. I just finished cleaning all the files up and spent 2 hours combing the Database for dodgy code–I didn’t find any.

    As soon as I finish activating plugins I’m going to run a scan on my computer.

    Fingers crossed that I can at least enjoy Sunday afternoon.

    These are the latest sneaking past name brand anti virus firewalls.


Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘How do I get rid of hacker script?’ is closed to new replies.