admin管理员组

文章数量:1415645

Closed. This question is off-topic. It is not currently accepting answers.

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 5 years ago.

Improve this question

This is my site - (redacted site URL with malware from an XSS exploit - for security reasons)

I created this website in wordpress and suddenly realized malware in my site after google ads stopped and warned me.

Below are the malwares found by sucuri sitecheck.

<script type="text/javascript" src="//deloplen/apu.php?zoneid=2694107" async data-cfasync="false"></script> 
<script src="//pushlaram/ntfc.php?p=2694112" data-cfasync="false" async></script>
Closed. This question is off-topic. It is not currently accepting answers.

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 5 years ago.

Improve this question

This is my site - (redacted site URL with malware from an XSS exploit - for security reasons)

I created this website in wordpress and suddenly realized malware in my site after google ads stopped and warned me.

Below are the malwares found by sucuri sitecheck.

<script type="text/javascript" src="//deloplen/apu.php?zoneid=2694107" async data-cfasync="false"></script> 
<script src="//pushlaram/ntfc.php?p=2694112" data-cfasync="false" async></script>
  • security
Share Improve this question asked Aug 14, 2019 at 4:56 Anh KimAnh Kim 231 silver badge4 bronze badges
Add a comment  | 

1 Answer 1

Reset to default 3

  1. Make a backup of everything you have left, especially your database and wp-content folder. Some hosts simply delete hacked websites and you don't want to lose your entire work to this.

  2. Talk to your hosting company. Good quality providers have staff at hand who know their way around the hosting environment and might be able to fix things for you. Plus, the hack might be due to server insecurity, so they need to deal with that.

  3. Scan your local computer to make sure the hack didn't originate from there.

  4. Restore from backup. If you have an uncompromised backup of your site, go back to that version and follow the advice below on locking down your site via password changes, updates, and extra hardening. If not, continue.

  5. Change all your passwords to the back end and force all other admin users to do the same, e.g. via https://wordpress/plugins/expire-passwords/. While you are at it, check if there are any users on your site that don't belong there.

  6. Install https://wordpress/plugins/sucuri-scanner/ and have it scan all WordPress core files for integrity. Alternatively, use external scanners below.

  7. Replace the compromised files with their originals. The easiest way is usually to simply re-install WordPress. You can do this from the back end or manually. Update your plugins and theme. Delete those that you are not using.

  8. Replace your SALTs inside wp-config.php. https://api.wordpress/secret-key/1.1/salt/

  9. Change your password once more and all other important credentials: Hosting account login, FTP login, MySQL database password, admin email address password.

  10. Implement additional security measures: https://wordpress/support/article/hardening-wordpress/

  11. Re-run security checks so you know you haven't missed anything.

External scanners:

  • Unmask Parasites
  • Web Inspector
  • Norton Safe Web
  • Quttera
  • Scan My Server
  • Virus Total

本文标签: securityHow to remove javascript malware in wordpress site

版权声明:本文标题:security - How to remove javascript malware in wordpress site 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745243058a2649429.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。