🚀 Is building a website too difficult? Let me guide you step by step—Learn about the 「Naibabiji WordPress Website Building Coaching Service」 →
🔍 Click Here to Search This Site
Experience and Tips Sharing

Record of cleaning the scriptsplatform.com pop-up ad virus on a WordPress website

📅 May 17, 2023
👤 Lee
⏱️ Reading Time: 1 minute
🔄 Last Updated: May 17, 2023

A client's website was infected with a virus. The specific symptom is that when accessing the website on a computer, it randomly redirects to an ad website. When the computer does not redirect, accessing the site with a mobile phone also redirects to an ad website, or pops up an ad prompt tricking you into clicking 'Allow', after which ads keep appearing, and you don't know how to clean it.

Because I have encountered similar viruses before (see previous article:Solutions for WordPress Redirecting to Malicious Websites After Being Infected with Trojan Viruses), cleaning this time was quite familiar and not too troublesome. The specific method is as follows:

Detecting Virus Code on the Website

By viewing the website's source code, you can see a string ofhttps://cdn.scriptsplatform.com/scripts/stats.jsof unfamiliar website code.

After opening the code file, it's a string of obfuscated and encrypted code. Anyway, you can't understand what it is, just know that this file is a virus file.

What we need to do is delete this string of code.

Steps to Delete Virus Files

This virus is relatively mild, only inserting code into the wp-blog-header.php file.

So we just need to use the file manager to find this file and delete the extra code. In the image above, the left side is the virus file, and the right side is the normal file.

Finally, visit the website, view the page source code, and you won't find this code anymore. The website returns to normal.

Summary

The virus Naiba encountered this time was relatively easy to handle, only inserting into one file. If ads still appear after your treatment, then you need to check other files under the website to see if this virus is present. If necessary, you can manually reinstall WP once.

If it still appears afterwards, then you need to check if it has been inserted into the database. If it has been inserted into the database, it's a bit more troublesome; you need to delete all the ad code from the database.

How to prevent WordPress from getting infected?

  1. Set a complex password for the website;
  2. Always keep WordPress and Plugins up to date;
  3. Do not install cracked resources;
  4. Do not set simple server passwords (if you are using a VPS)

🚀 Still feeling confused after reading the tutorial? Let me guide you step-by-step instead.

「Naibabiji WordPress Website Building Coaching」 — From selecting a domain and purchasing hosting to installing themes and publishing posts, I「ll guide you through every step, helping you avoid detours and reach your goals directly.

👉 Learn about Website Building Coaching Service
🔒

Comments are closed

The comment function for this article is closed. If you have any questions, please feel free to contact us through other channels.

×
二维码

Scan to Follow