How To Remove WordPress Database Malware

While not one of the most common hacks, we see a WordPress database hack in about 10-20% of the malware cleans we do.

A Database hack generally happens when a plugin or theme is vulnerable to SQL injection and is exploited.

You end up with either JavaScript tags injected into all of your posts or SEO spam injected in hidden divs into all of your posts.

Cleaning up a hidden DIV injection can be a pain depending on how many posts you have, since the content is generally injected randomly and needs some care in removing (though we have developed a DB clean script to automate this process for customers).

Let’s focus specifically on a JavaScript injection, as we can clean these up pretty quickly with a little SQL knowledge.

Step 1: First you need to identify the code that is being injected. This is easily done with a Website Malware Scan.

Step 2: Log in to your hosting control panel, find phpMyAdmin and click on it.

Step 3: Export your Database so you have a backup if anything goes wrong. Check the “save as file” option and save it to your PC.

Step 4: With the snippet you got in Step 1, create the following SQL REPLACE statement, replacing BADCODESNIPPET with the snippet:

UPDATE wp_posts SET post_content = REPLACE(post_content, 'BADCODESNIPPET', '') 

This assumes your database is set up with the default wp_ prefix (90% of the time it is).

If it is not, you will need to replace the wp_ in wp_posts with the prefix your DB is using.
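
A more cautious way to run the Step 4 statement, as an added example that is not part of the original article: preview the affected rows, keep a copy of just those rows, run the replace, then verify. It assumes MySQL/MariaDB and the default wp_ prefix; BADCODESNIPPET is the same placeholder as in Step 4, and wp_posts_preclean is a hypothetical table name. Run the numbered statements one at a time.

```sql
-- Added example (MySQL/MariaDB). BADCODESNIPPET is the placeholder from Step 4;
-- wp_posts_preclean is a hypothetical table name chosen for this example.
-- Inside the quoted literal, write a single quote from the snippet as ''
-- and a backslash as \\, otherwise the statement will not parse or match.

-- 1. Preview: which rows REPLACE would change, and how many copies each holds.
--    This also shows whether revisions and drafts are affected, not just posts.
SELECT ID, post_type, post_status,
       (CHAR_LENGTH(post_content)
        - CHAR_LENGTH(REPLACE(post_content, 'BADCODESNIPPET', '')))
       DIV CHAR_LENGTH('BADCODESNIPPET') AS copies
FROM wp_posts
WHERE CHAR_LENGTH(post_content)
      <> CHAR_LENGTH(REPLACE(post_content, 'BADCODESNIPPET', ''))
ORDER BY copies DESC;

-- 2. Keep the original content of only those rows, so one bad replace
--    can be undone without restoring the full export from Step 3.
CREATE TABLE wp_posts_preclean AS
SELECT ID, post_content
FROM wp_posts
WHERE CHAR_LENGTH(post_content)
      <> CHAR_LENGTH(REPLACE(post_content, 'BADCODESNIPPET', ''));

-- 3. The Step 4 statement, limited to the rows identified above.
UPDATE wp_posts
SET post_content = REPLACE(post_content, 'BADCODESNIPPET', '')
WHERE CHAR_LENGTH(post_content)
      <> CHAR_LENGTH(REPLACE(post_content, 'BADCODESNIPPET', ''));

-- 4. Verify: expect 0. INSTR follows the column collation while REPLACE is
--    case-sensitive, so a non-zero count here usually means a differently
--    cased variant of the snippet is still present.
SELECT COUNT(*) AS remaining
FROM wp_posts
WHERE INSTR(post_content, 'BADCODESNIPPET') > 0;

-- 5. Undo, only if legitimate content was damaged (uncomment to run):
-- UPDATE wp_posts p
-- JOIN wp_posts_preclean b ON b.ID = p.ID
-- SET p.post_content = b.post_content;

-- 6. Once the site checks out, remove the copy; it still holds the injected code:
-- DROP TABLE wp_posts_preclean;
```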

Once you have removed the bad code, make sure you clear your WordPress cache if you are using a caching plugin such as Total Cache or Super Cache. Pages generated before the code was removed will still contain the injection until the cache is re-created.

Be sure to update your themes and plugins when you are done as well, or the re-injection may continue to happen.


