Just another malware / hacked site. (3 posts)

  1. redhanded
    Posted 4 years ago #


    Really hoping someone can help me out with a WordPress installation that has recently been hacked and classified as malware through Google.

    Upon visiting the site the user is redirected to a .ru website - This redirect seems to change based on what link you click in the nav but every link on the site redirects.

    I've had an extensive read over many articles and actioned many things.

    1. I have checked through the theme files and removed any suspicious code
    2. Used a PHP tool to find base64_decode and removed it from 15 pages
    3. Removed redirects that were hacked into the .htaccess file
    4. Reuploaded clean WordPress core files
    5. Disabled all plugins and custom theme, enabled clean default theme
    6. Removed all but the default user account
    7. Checked the database

    As this is a client site, I have temporarily pointed their domain to another page and informed Google, who have cleared the malware warning. I'm not working on the site at and can't seem to shake the problem.

    Is there anywhere else I should be looking?

  2. esmi
    Forum Moderator
    Posted 4 years ago #

  3. Joe Manna
    Posted 4 years ago #

    Also, double-check that your directories have their permissions set properly. See http://codex.wordpress.org/Hardening_WordPress for more details on how to secure WordPress from future hacks.

    Related, consider using CloudFlare on the domain. It's free and will give you insights on malicious traffic and real traffic beyond Google Analytics. I see that on my site, I garner about 28% of malicious traffic (spammers, bots, crackers, botnets, etc). https://www.cloudflare.com/
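
One way to run the permissions check suggested in the reply above, added here as an example that is not part of the thread or of any WordPress tooling. The function names, the sample tree and the thresholds (flag anything group- or world-writable, and a wp-config.php readable by other users) are assumptions of this example.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return sorted (relative_path, octal_mode, reason) tuples for risky entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
            if mode & stat.S_IWOTH:
                findings.append((rel, format(mode, "03o"), f"world-writable {kind}"))
            elif mode & stat.S_IWGRP:
                findings.append((rel, format(mode, "03o"), f"group-writable {kind}"))
            # Assumed threshold: the config file holds DB credentials, so
            # other accounts on a shared host should not be able to read it.
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, format(mode, "03o"),
                                 "wp-config.php readable by other users"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a tiny WordPress-like tree with deliberate mistakes."""
    files = {
        "wp-config.php": 0o644,
        "index.php": 0o644,
        "wp-content/uploads/logo.png": 0o666,
        "wp-content/themes/style.css": 0o664,
    }
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    dirs = {"wp-content": 0o755, "wp-content/themes": 0o755,
            "wp-content/uploads": 0o777}
    for rel, mode in dirs.items():
        os.chmod(os.path.join(root, rel), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, mode, reason in audit_permissions(tmp):
            print(f"{mode}  {rel}  ({reason})")
```

Point `audit_permissions` at the real document root to get the same report for a live install; it only reads metadata and changes nothing.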

This topic has been closed to new replies.