Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Thank you. Bad news for me, but great help and advice. Much appreciated and I have taken steps to prevent future hacks.
Hey alibailysitoc,
can you let me know what you did to get rid of this script. I found it too and cannot find from where it comes.
Also I guess other users would then like to know.
Thanks.
Hi, I have same problem, what did you do to get rid of it?
Thanks
Same problem here. Is there already a solution?
THX
Take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Hi Steve!
Thanks for the reply but the answer is not very helpful and constructive. As I can tell, some websites are affected. It also affects web pages that have all security settings.
According to my research, all links to external sites are affected.
cornyc: If disabling ALL plugins and switching to the 2017 theme does not remove the issue, then your site is hacked and the information I provided is how you unhack it.
Correct. The site has been hacked. Unhacking from WordPress is not the problem. Also to fix the problem itself. I have programmed a small script, which replaces the malicious code directly in the database table.
I’m wondering how that could happen. This is the only way I can permanently fix the problem and help other users to understand the matter. This way, such hacks can be avoided in the future.
If the stuff is now in the database, then yes, a script needs to be run to remove it.
Guys, I need a script to remove it, who can help?
Hi,
An update!!
Ok managed to get rid of it on both my sites.
Securi Security came to my rescue. WordPress database posts table had all the script injections inside it.
