Title: Malware attack
Last modified: July 16, 2020

---

# Malware attack

 *  [trioprinting](https://wordpress.org/support/users/trioprinting/)
 * (@trioprinting)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/malware-attack-7/)
 * Yesterday, my website was A-okay. Just this morning, I tried to open my WordPress
   dashboard and it led me to another website. After following a solution
   posted on another thread,
 * “How I fixed it: go to file wp-content delete mu_plugin and go to your database
   setting under wp_option remove the siteURL and add your own website. Repeat the
   same in HOME URL.”
 * I can open my website and my WordPress dashboard again. However, when I scan
   my website on [https://sitecheck.sucuri.net/](https://sitecheck.sucuri.net/),
   the malware is still there. How can I clear the malware?
    -  This topic was modified 5 years, 10 months ago by [trioprinting](https://wordpress.org/support/users/trioprinting/).

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [5 years, 10 months ago](https://wordpress.org/support/topic/malware-attack-7/#post-13129090)
 * Get a fresh cup of coffee, take a deep breath and carefully follow [this guide](https://wordpress.org/support/article/faq-my-site-was-hacked/).
   When you’re done, you may want to implement some (if not all) of [the recommended security measures](https://wordpress.org/support/article/hardening-wordpress/).
 * If you’re unable to clean your site(s) successfully, there are reputable organizations
   that can clean your sites for you. Sucuri and Wordfence are a couple.
 *  [pekos562](https://wordpress.org/support/users/pekos562/)
 * (@pekos562)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/malware-attack-7/#post-13134046)
 * I’m pretty sure your WordPress got infected by letsmakeparty3.
    Use SSH and type
   this to find whether your files still contain their script (JS) code: `grep -rl
   'String.fromCharCode(104,116,116,112,115,58,47,47,97,108,108,111,119,46,108,101,116,115,109,97,107,101,112,97,114,116,121,51,46,103,97,47,108,46,106,115,63,100,61,49)' *
   | wc -l` The above code finds specific text, which is the malicious link, in
   every one of your files. If you want to find which file got infected, remove the `
   | wc -l` part. If you got 0, then all of your files should be free from the malicious
   script. (Then I don’t know what you should do next if you keep getting the warning.)
 * If you got at least 1, then some of your files still contain those links. Use
   a security plugin (I use [GOTMLS](https://wordpress.org/plugins/gotmls/)) to scan
   your website. Fix the files (mine was automatically using that plugin), then
   the problem should be gone. You can also delete the script manually one by one
   if you want.
 * This is the solution I did so far. The solution might differ from yours.
    -  This reply was modified 5 years, 10 months ago by [pekos562](https://wordpress.org/support/users/pekos562/).
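
The `grep` in the reply above matches one exact encoded string. As an added example (not part of the original replies or of any plugin mentioned), this Python script generalizes the check: it decodes every `String.fromCharCode(...)` call with numeric arguments under a directory and reports the files where the result looks like a URL. The function names, the list of scanned file extensions and the `example.invalid` sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches String.fromCharCode(104, 116, ...) with decimal arguments only.
CALL_RE = re.compile(r"String\.fromCharCode\(\s*(\d{1,7}(?:\s*,\s*\d{1,7})*)\s*\)")
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}  # assumption: file types worth scanning


def decode_calls(text):
    """Return the decoded string for every String.fromCharCode(...) call in text."""
    decoded = []
    for match in CALL_RE.finditer(text):
        codes = [int(n) for n in match.group(1).split(",")]
        # JavaScript truncates each argument to a 16-bit code unit.
        decoded.append("".join(chr(c & 0xFFFF) for c in codes))
    return decoded


def scan_tree(root):
    """Map each scanned file (relative path) to decoded strings that look like URLs."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        urls = [s for s in decode_calls(text)
                if s.lower().startswith(("http://", "https://", "//"))]
        if urls:
            findings[path.relative_to(root).as_posix()] = urls
    return findings


def demo():
    """Build a small constructed tree (not real site data) and scan it."""
    codes = ",".join(str(ord(ch)) for ch in "https://example.invalid/x.js")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content").mkdir()
        (root / "index.php").write_text("<?php echo 'clean'; ?>\n")
        (root / "wp-content" / "header.php").write_text(
            f"<script>var u=String.fromCharCode({codes});</script>\n")
        (root / "util.js").write_text("var a = String.fromCharCode(65, 66);\n")
        return scan_tree(root)


if __name__ == "__main__":
    for name, urls in demo().items():
        print(name, urls)
```

On a real site, call `scan_tree()` on the WordPress root; a hit shows the decoded address, which helps when the encoded string differs from the one in the `grep` above.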


The topic ‘Malware attack’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [pekos562](https://wordpress.org/support/users/pekos562/)
 * Last activity: [5 years, 10 months ago](https://wordpress.org/support/topic/malware-attack-7/#post-13134046)
 * Status: not resolved

