Hi @vytaftasv,
We recently added this domain as malicious in our database. If you “START NEW SCAN” on the Wordfence > Scan page, are you offered the option to repair any files in your WordPress installation?
If not, please check your theme files for malicious inclusions. We have seen a case where the code was hidden inside a database option and called from the customer’s theme. Ensure all of your theme and plugin files are up-to-date and let me know.
I may need to provide site-cleaning instructions but was wondering if the source of the redirection code affecting may be picked up in isolation.
Thanks,
Peter.
-
This reply was modified 2 years, 4 months ago by
wfpeter. Reason: Added info to check theme files
Hey @wfpeter , no i dont get any options to repair my files.
I have 6+ websites that got affected by this thing, those websites also have 30+ updates. So im updating all of the plugins and running wordfence scan (didnt find anything yet).
Do you think i will still have bad files/code even after all the updates/scans? If yes, maybe you know specific files or tables where i should look first.
Thanks
Eu também enfrento o mesmo problema. Já exclui o tema, os plugins, fiz uma varredura manual e nada. Não consigo acessar nem o painel.
Hi @vytaftasv, I will provide site cleaning instructions below so that you can cover all bases when looking for the source of the issue.
Follow the checklist here:
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
Make sure and get all your plugins and themes updated and update WordPress core too. If you are on an older branch (WordPress 4.x etc) because you wanted to wait before installing the latest version because of Gutenberg or a custom theme compatibility you still need the latest update in that version. Those can be found here:
https://wordpress.org/download/releases/
WordPress sometimes patches their older releases if they find a vulnerability so make sure to update your version if needed. We, of course, recommend that you update to the latest version.
As a rule, any time I think someone’s site has been compromised I also tell them to update their passwords for their hosting control panel, FTP, WordPress admin users, and database. Make sure to do this.
Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.
If you are unable to clean this on your own there are paid services that will do it for you. Wordfence offers one and there are others. Regardless if you choose to clean it yourself or let someone else do so, we recommend that you make a full backup of the site beforehand.
Thanks again,
Peter.
Ditto. I responded to related problem here https://wordpress.org/support/topic/wordpress-fatal-error-13/ – it all seems to be lining up to a virus.
Thanks for the extra information @sweetiowa.
Our blog entry above and my site cleaning instructions should assist and provide information on the steps to take if you find yourself needing to deal with this issue.
