Comments on: How To Completely Clean Your Hacked WordPress Installation

By: Michael VanDeMar

Michael VanDeMar — Thu, 09 Feb 2012 15:57:58 +0000

@Tony – regarding all of your sites on the same host, with most shared hosting accounts that let you host multiple sites under one account that is what will happen… one gets hit, they all get hit.

By: Tony Payne

Tony Payne — Thu, 09 Feb 2012 10:48:11 +0000

All my sites got infected with a decode_base64 script in the last 3 weeks and I am trying to save everything. It’s a slow process. This article took me a while to find, but I am hoping the tips will help.

I tried to manually clean the php files from Filezilla, and like so many others, within hours they were modified again. Now it seems every “

I am hoping to get into my site to export the database as xml, so I can rebuild it on a new host. I do have an SQL export, but not a WP export unfortunately.

It just proves you can never have enough backups, and in this case ALL my domains on the host caught the same infection.

By: Tipster

Tipster — Mon, 23 Jan 2012 17:50:09 +0000

Hi,

one of my blogs is infected by Trojan.JS.Iframe.ARU (Engine A)
Does anyone know if there is a plugin that can helps me to remove or check the wordpress installation ?
Thanks

By: Martina

Martina — Thu, 05 Jan 2012 12:35:19 +0000

Hi everyone,
I really need help! I have a new website for my business, few days ago I noticed on the footer the line sayin sintax error footer.php line 3. I checked with an antivrus plugin and coming up with virus, so I update wordpress, I change all my passwords and delate all the pages,plugin,post,pictures,everything (i have a backup)
But still there is that line and the home page layout is messed up.
What can I do? Do i have to delate something from the cpanel?
Sorry I am very new to these things!
Thak you !
Martina

By: Michael VanDeMar

Michael VanDeMar — Sun, 01 Jan 2012 22:31:12 +0000

Cathy, that is something that I can usually fix, but how I fix it depends on how they got there in the first place and what the underlying cause of the character conversion is, and what, if anything, you did already to attempt to fix them. Feel free to hit me up via my contact form if you need help cleaning them out.

By: Cathy B.

Cathy B. — Sun, 01 Jan 2012 16:14:46 +0000

this is very good info however i was wondering if you had any insight on special characters showing up in posts? i have searched high and low, got some instruction on how to delete them from my cpanel with no success. help! if you can. I do not want to delete my whole blog of two years work.

By: Michael VanDeMar

Michael VanDeMar — Tue, 13 Dec 2011 22:31:15 +0000

@Jordan, No problem, glad I could help.

By: Jordan Redhawk

Jordan Redhawk — Tue, 13 Dec 2011 22:24:26 +0000

Ah, Michael, you’re a lifesaver! Thanks for the handy tip. I was NOT looking forward to editing 103 pages to correct those silly apostrophes!

By: What a Mess! | In Shadows

What a Mess! | In Shadows — Tue, 13 Dec 2011 18:12:41 +0000

[...] How to completely clean your hacked WordPress installation was another good one – not as labor intensive, but it brought up things I hadn’t considered, and made me more aware of what I was doing. (It’s always good to be aware of what you’re doing when your digging into code!) [...]

By: Tim Lucas

Tim Lucas — Sat, 03 Dec 2011 23:09:47 +0000

Just wanna say a big thank you to Michael for rescuing my blog. Excellent service at a fair price too!