magefix

Hi there! You should re-install core files manually via FTP. That should solve the problem. An important file might be missing, generating a fatal error.

@cssngroup If you still have troubles running Google Ads, try these:

1. Ask Google Ads support to provide a list with malicious links detected. This way you can research for specific malware removal tutorials.
Direct link: https://support.google.com/adwords/contact/approvals
2. Make sure you perform a thorough cleanup, making sure your site files and database are clean ( very important ).
3. Disable cache locally or any other external cache tools. Make sure you deliver latest content to your visitors – including Google bots.
4. Ask for a re-index via Google search console.
5. Ask for a re-evaluation, following the first link provided.

@jdembowski I will stop posting here, I get your point. However, I guess it wouldn’ve been easier for other users to get a solution since when you type “injection post_content _posts table” on Google, you reach this page.

@webartisan asked me to list some plugins I’m using for the injected sites. So I did. I apologise if it’s against the good practice forum rules.

Hi Mark,

In this case, while browsing the checkout form, after filling ZIP code, the following code snipped changed from:

<p class=”mp_cart_direct_checkout”><input type=”submit” name=”mp_shipping_submit” id=”mp_shipping_submit” value=”Continue Checkout »”></p>
to:
<p class=”mp_cart_direct_checkout”><input type=”submit” name=”mp_shipping_submit” id=”mp_shipping_submit” value=”Continue Checkout »” style=”display: none;”></p>

To correct it, I’ve commented the following code from marketpress/marketpress-includes/js/store.js:

function mp_refresh_shipping() {
   	$("#mp_shipping_submit").hide();
    $("#mp-shipping-select-holder").html('<img src="'+MP_Ajax.imgUrl+'" alt="Loading..." />');
    var serializedForm = $('form#mp_shipping_form').serialize();
    $.post(MP_Ajax.ajaxUrl, serializedForm, function(data) {
      $("#mp-shipping-select-holder").html(data);
    	$("#mp_shipping_submit").show();
    });
  }

@katanga1987 thank you, it works! 🙂
database upgrade prompted after editing “acf_version” row from wp_options table.

PS: If there’s an extra site on this hosting account – like Adam suggested – you might deal with a cross-site contamination. Discuss with your hosting support – ask them if there are any WordPress instances installed – other than one used for lana-turner.com.

Hosting more than two WordPress site within the same shared hosting account is not secure. But hopefully, maybe it’s not your case.

To get rid of that red warning, only after you’ve cleared out the malware, you can:
– verify your website with https://www.google.com/webmasters/tools/home
– Check the “Security issues” section
– Ask for a re-evaluation. It takes aprox. 24 hours for them to complete it.

Hi Johanna,

Folders like wp-includes, wp-admin or wp-content could host potential malicious files. So it’s not only about wp-content.

Malicious files could easily become undetected by any tool. So don’t rely on automated scanners. There are backdoors ( upload scripts ) which look like the legitimate files.

You can download wp-content directory and separately make a new directory called wp-content.

Then you can copy uploads folder – make sure you delete all the PHP files which might be inside. Look for ICO files, some might include malicious code. Add .htaccess file inside uploads folder to prevent PHP execution.

Later you can create plugins & themes. And you can populate these folders with fresh data, downloaded from :
https://ww.wp.xz.cn/plugins/ and
https://ww.wp.xz.cn/themes/meditation/

Adrian