Wordpress malware removal tips and help

This post will be updated as time goes on but let's start. With Wordpress when plugins are vulnerable and the issues become public it can take minutes for sites to become infected. It's a sad thing about Wordpress being so large.

This post is about Wordpress Javascript redirect injected code and how to kinda help find it. In a lot of cases it's injected into the template files so if you remove and add your theme again it can usually fix it. But this can cause problems and sometimes it's not in the theme files but the theme config on Wordpress in the widget blocks.

A good idea is to disable any plugins you don't use and make sure they are not a cause before messing around with the files that control the look of your site, but if you are unable to find it in any widget blocks or plugins getting disabled are not solving your problems you will want to SFTP in and check files manually.

Here are some files to manually check:

  • header.php: Current Theme header file
  • footer.php: Current theme footer file
  • wp-blog-header.php

You are looking for hard linked JS scripts usually with a URL you don't know. If you are unsure view the JS in a online preview tool https://codebeautify.org/source-code-viewer to view the source without opening the file.