Title: Malware Javascript
Last modified: May 16, 2019

---

# Malware Javascript

 *  Resolved [Andrew Leonard](https://wordpress.org/support/users/andrewleonard/)
 * (@andrewleonard)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/malware-javascript/)
 * Twice now we have been infected by the following code:
    `<script type="text/javascript"
   src="//xxxxxxx.com/apu.php?zoneid=676630" async data-cfasync="false"></script
   >` It gets put into the database and ends up at the bottom of each page and post(
   and also in TablePress) I do not understand how this happens If I restore the
   database, the problem is cured but it re-appears Any advice gratefully received
    -  This topic was modified 6 years, 11 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/).
      Reason: Removed tag and domain

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [Andrew Leonard](https://wordpress.org/support/users/andrewleonard/)
 * (@andrewleonard)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/malware-javascript/#post-11434011)
 * [@slhatton](https://wordpress.org/support/users/slhatton/)
    Can you get this?
   I agree with you I think we found the code in wp_posts I have a colleague helping
   me who suggested looking at the database I think it would be good for us to communicate
   but I am not sure how
    -  This reply was modified 6 years, 11 months ago by [Andrew Nevins](https://wordpress.org/support/users/anevins/).
      Reason: Email solicitation redacted
 *  [WFGerroald](https://wordpress.org/support/users/wfgerald/)
 * (@wfgerald)
 * [6 years, 11 months ago](https://wordpress.org/support/topic/malware-javascript/#post-11436571)
 * Hey [@andrewleonard](https://wordpress.org/support/users/andrewleonard/),
 * I’m sorry to hear that you’re experiencing this, I know it can be frustrating.
 * Please update your database, (s)FTP, and hosting panel credentials.
 * Also, make sure all software on the site is up to date.
 * If the site is being reinfected after restoring the database it means either 
   it’s not fully restoring before the compromise, or the point of entry is elsewhere.
   My best suggestion would be to get with a hack repair service to have a professional
   clean it, and patch the point of entry.
 * [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
 * Thanks,
 * Gerald

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Malware Javascript’ is closed to new replies.

 * ![](https://ps.w.org/wordfence/assets/icon.svg?rev=2070865)
 * [Wordfence Security - Firewall, Malware Scan, and Login Security](https://wordpress.org/plugins/wordfence/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordfence/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordfence/)
 * [Active Topics](https://wordpress.org/support/plugin/wordfence/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordfence/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordfence/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [WFGerroald](https://wordpress.org/support/users/wfgerald/)
 * Last activity: [6 years, 11 months ago](https://wordpress.org/support/topic/malware-javascript/#post-11436571)
 * Status: resolved