Home Experience & Tips Sharing Standard Post

Standard Post

Record of cleaning the scriptsplatform.com pop-up ad virus from a WordPress website

A boss's website got infected. The specific symptom is that when accessing the website from a computer, it randomly redirects to an ad site. When the computer doesn't redirect, accessing from a mobile phone also redirects to an ad site or pops up an ad prompt tricking you into clicking Allow, then ads keep appearing, and you don't know how to clean them. I have encountered similar viruses before (see previous article: WordPre...

Updated on May 17, 2023 About 2 minutes read

A business owner's website was infected with a virus. The specific manifestation is that when accessing the website from a computer, it randomly redirects to ad websites. When the computer doesn't redirect, accessing the site with a mobile phone also redirects to ad websites, or pops up ad prompts tricking you into clicking 'Allow', after which ads keep appearing, and you don't know how to clean it.

Since I've encountered similar viruses before (see previous article:Solutions for WordPress redirecting to malicious websites after being infected with a trojan virus), cleaning it up this time was quite familiar and not too troublesome. The specific method is as follows:

Detect the virus code on the website

By viewing the website's source code, you can see a string ofhttps://cdn.scriptsplatform.com/scripts/stats.jscode from an unfamiliar website.

After opening the code file, it's a string of obfuscated and encrypted code. Anyway, you can't understand what it is; just know that this file is a virus file.

What we need to do is delete this string of code.

Steps to delete virus files

This virus is relatively mild, as it only inserted code into the wp-blog-header.php file.

So we just need to use the file manager to find this file and delete the extra code. In the image above, the left side is the virus file, and the right side is the normal file.

Finally, visit the website and check the webpage source code; you won't find this code anymore, and the website returns to normal.

Summary

The virus Naiba encountered this time was relatively easy to handle, as it only inserted one file. If ads still appear after treatment, you need to check other files under the website for this virus. If necessary, you can manually reinstall WP once.

If it persists, then you need to check if it has been inserted into the database. If it has been inserted into the database, it's a bit more troublesome, requiring you to delete all the ad code from the database.

How to prevent WordPress from getting infected?

  1. Set a complex password for the website;
  2. Always keep WordPress and Plugins up to date;
  3. Do not install cracked resources;
  4. Do not set simple server passwords (if you are using a VPS)
3.5/5 - (2 votes)
Previous Google Ads Tutorial 2026: A Complete Guide from Account Opening to Search Campaign Creation (Including Billing Settings and Bidding Strategies) Continue reading content around the same timeline. Next How to Clean a Website After It Gets Infected with a Virus on CloudWays View the next related tutorial or experience.

AI Website Building Assistant

🤖
Hello! I am the Naibabiji AI Assistant. How can I help you?
Quick Consultation: