Pharma Hack - Lookey what I found in wp-options (4 posts)

  1. MaggieMBF
    Posted 3 years ago #

    Found this in the Wp-Options table under option_value in the second row. Can I delete the row w/o any terrible side effects? If this is too long, then please delete it and accept my apologies in advance :)

    [code removed - it's not the length - it's that we don't want hacked code here]

  2. MaggieMBF
    Posted 3 years ago #

    Sorry ! Can I post the first few characters? Would that be helpful or not?

  3. Mark Ratledge
    Forum Moderator
    Posted 3 years ago #

    There is no reason to post any of the hacking code.

    Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress and Hardening WordPress « WordPress Codex.

    Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/ before and after.

    Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting

    If you can't do the work yourself, consider looking for a reputable person to fix it correctly on jobs.wordpress.net or freelancing sites such as Elance. (It's not a good idea to respond to unsolicited emails from forum users offering to work for you.)

  4. MaggieMBF
    Posted 3 years ago #

    @songdogtech - I have done all of that already, and I mean ALL - core WP files new, clean and shiny, plugins deleted and those needed only reinstalled. This is why I found the code in the wp-options, option_value table. I was hoping my find might help others along the way as well. FWIW, all WP and plugins were/are up to date and my passwords are 14 characters with numbers,letters and symbols.

    So does anyone know how to just delete the value that contained the code or, where I might look to find the code that's inserting the value? It's odd that it is still there considering the core WP files are shiny new and the plugins too.

    And my iMac is not infected nor are any others on our home network.

Topic Closed

This topic has been closed to new replies.

About this Topic