Title: angelwp's Replies | WordPress.org

---

# angelwp

  [  ](https://wordpress.org/support/users/angelwp/)

 *   [Profile](https://wordpress.org/support/users/angelwp/)
 *   [Topics Started](https://wordpress.org/support/users/angelwp/topics/)
 *   [Replies Created](https://wordpress.org/support/users/angelwp/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/angelwp/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/angelwp/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/angelwp/engagements/)
 *   [Favorites](https://wordpress.org/support/users/angelwp/favorites/)

 Search replies:

## Forum Replies Created

Viewing 12 replies - 1 through 12 (of 12 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Spectra Gutenberg Blocks – Website Builder for the Block Editor] Form block: Phone Country code defaulting to UK](https://wordpress.org/support/topic/form-block-phone-country-code-defaulting-to-uk/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/form-block-phone-country-code-defaulting-to-uk/#post-15223258)
 * Hello!, its there a way to do it manually via code to change the default option
   to be UK?, thank you in advance!
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How to find and delete backdoor PHP/ccqqji.](https://wordpress.org/support/topic/how-to-find-and-delete-backdoor-php-ccqqji/)
 *  Thread Starter [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/how-to-find-and-delete-backdoor-php-ccqqji/#post-9632057)
 * Hello jackie!!, wow! thanks for the really fast reply!!
    i can talk spanish too
   or english, whatever fits you better indeed i use layerslider in some of my websites,
   and i had this problem since a lot of months now, but it cease the last almost
   4 months hosting is shared, yes i have wordfence installed in the websites
 * actually wordfence is helping me monitorin the websites, wordfence detect this
   
   Critical Problems:
 * * File appears to be malicious: wp-content/plugins/LayerSlider/helpers/khvulaty.
   php
 * i have already delete the script (for afraid, hehe), but is a hint, 4 months 
   before was the same problem, every 2 days i have to be cleanin my websites of
   this kind of scripts or they take all my server down!
 * love this kind of communities, i hope i can be helping too, i already help people
   in social media groups but with basics, configurations or css stuff
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Virus](https://wordpress.org/support/topic/virus-34/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/virus-34/#post-9631910)
 * [@abletec](https://wordpress.org/support/users/abletec/) Hello!, i have all day
   reading your answers in differents topics!, i have a already create my topic,
   title: How can i find and delete backdoor, i hope you can help me 🙁
    it’s good
   to see how there are people as dedicated as you helping out other developers
    -  This reply was modified 8 years, 7 months ago by [angelwp](https://wordpress.org/support/users/angelwp/).
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacker registered user](https://wordpress.org/support/topic/hacker-registered-user/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/hacker-registered-user/page/2/#post-9627667)
 * indeed [@pemitchell](https://wordpress.org/support/users/pemitchell/), i was “
   clean” for almost 4 months, from cleaning every 3 – 4 days, the way ir works 
   for me, since today, was:
 * -Remove infected code detected by Wordfence
    -Manually check the project for 
   weirds .php files and delete them -Manually check code with “edit” option from
   cpanel because some malicious code was encrypted -Clean the cookies as our friend
   pemitechel says, in wp-config and use the salt link provided from wordpress -
   Change cPanel password -Monitor daily the server processes and there pop ups 
   some php scripts, manually search them and delet them too
 * with this was clean for almost 4 months
 * But now i got a message from wordfence with this:
    Critical Problems:
 * * File appears to be malicious: wp-content/plugins/revslider/css/ymjuehdi.php
 * * File appears to be malicious: wp-content/uploads/2017/04/rhbqlccc.php
 * same way as before but it looks like was only 1 website, and no all of them as
   usual
 * this kind of injected code how can be done?, no new users on the website
 * can´t find the security hole
    -  This reply was modified 8 years, 7 months ago by [angelwp](https://wordpress.org/support/users/angelwp/).
      Reason: important one
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Contact Form 7 reCAPTCHA Extension] ReCaptcha stopped working – mails not sent anymore](https://wordpress.org/support/topic/recaptcha-stopped-working-mails-not-sent-anymore/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/recaptcha-stopped-working-mails-not-sent-anymore/#post-9510927)
 * Having the same issue, some i read in other topics was simple remove recaptcha
   couse is not working, can´t find a way to make it work, it was working before:/
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Contact Form 7 reCAPTCHA Extension] contact form 7 + recaptcha not working](https://wordpress.org/support/topic/contact-form-7-recaptcha-not-working-3/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 9 months ago](https://wordpress.org/support/topic/contact-form-7-recaptcha-not-working-3/page/2/#post-9510924)
 * Still nothing? already tried all the posible solutions in this topic and can´
   t get it work in any browser 🙁
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How Do I Fix A Code Injection Hack?](https://wordpress.org/support/topic/how-do-i-fix-a-code-injection-hack/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/how-do-i-fix-a-code-injection-hack/#post-9292192)
 * Eeeeeeehhhh…. i guess here is a little misunderstood, i dont want to get my site
   clean for “free”, i want to know HOW to do it, share experiencies, etc, doesnt
   is this forum to???
 * i say that with the idea if someone has acomplishe a full clean in a server by
   him or herself, thats all…
 * only want to know how to correctly check my databases, or where i can ask this?…
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [How Do I Fix A Code Injection Hack?](https://wordpress.org/support/topic/how-do-i-fix-a-code-injection-hack/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/how-do-i-fix-a-code-injection-hack/#post-9291204)
 * Hello, got the same problem, clean all the files and keep and eye on cpu usage
   and procceses, you can see there scripts that Wordfence CAN´T find,
 * the big question is, how can we clean the database?, and… how can i know if it
   is infected????? :/
 * already done ALL the guides and still getting code injected, dont know if anyone
   can make a full clean without spent a cent in premium security packages
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Website Hacked with SEO Spam – Viagra Entry in WP DB](https://wordpress.org/support/topic/website-hacked-with-seo-spam-viagra-entry-in-wp-db/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/website-hacked-with-seo-spam-viagra-entry-in-wp-db/#post-9289338)
 * Sorry, but, the problem was solved?
    SELECT * FROMgermanpearls_com.wp_y2u57c_optionsWHERE(
   CONVERT(option_idUSING utf8) LIKE ‘%viagra%’ OR CONVERT(option_nameUSING utf8)
   LIKE ‘%viagra%’ OR CONVERT(option_valueUSING utf8) LIKE ‘%viagra%’ OR CONVERT(
   autoloadUSING utf8) LIKE ‘%viagra%’) was indeed malware???
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacker registered user](https://wordpress.org/support/topic/hacker-registered-user/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/hacker-registered-user/page/2/#post-9289214)
 * if i find something liek this in Data Base, should i delete it?
    SELECT * FROM`
   db_fppv`.`wp_posts` WHERE (CONVERT(`ID` USING utf8) LIKE ‘%eval%’ OR CONVERT(`
   post_author` USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_date` USING utf8) LIKE‘%
   eval%’ OR CONVERT(`post_date_gmt` USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_content`
   USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_title` USING utf8) LIKE ‘%eval%’ OR
   CONVERT(`post_excerpt` USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_status` USING
   utf8) LIKE ‘%eval%’ OR CONVERT(`comment_status` USING utf8) LIKE ‘%eval%’ OR 
   CONVERT(`ping_status` USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_password` USING
   utf8) LIKE ‘%eval%’ OR CONVERT(`post_name` USING utf8) LIKE ‘%eval%’ OR CONVERT(`
   to_ping` USING utf8) LIKE ‘%eval%’ OR CONVERT(`pinged` USING utf8) LIKE ‘%eval%’
   OR CONVERT(`post_modified` USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_modified_gmt`
   USING utf8) LIKE ‘%eval%’ OR CONVERT(`post_content_filtered` USING utf8) LIKE‘%
   eval%’ OR CONVERT(`post_parent` USING utf8) LIKE ‘%eval%’ OR CONVERT(`guid` USING
   utf8) LIKE[…]
    -  This reply was modified 8 years, 11 months ago by [angelwp](https://wordpress.org/support/users/angelwp/).
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacker registered user](https://wordpress.org/support/topic/hacker-registered-user/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/hacker-registered-user/page/2/#post-9289036)
 * How can i scan my DB ??
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Hacker registered user](https://wordpress.org/support/topic/hacker-registered-user/)
 *  [angelwp](https://wordpress.org/support/users/angelwp/)
 * (@angelwp)
 * [8 years, 11 months ago](https://wordpress.org/support/topic/hacker-registered-user/page/2/#post-9288903)
 * Hello, im kinda in the same situation, im doing cleaning etc every 4 days, has
   anyone been able to stop the attacks?

Viewing 12 replies - 1 through 12 (of 12 total)