If you have been infected with a type of WordPress malware that embeds malformed JAVASCRIPT code (which causes malformed redirects and other behavior) in a large number of posts, we will explain how to remove this code.


Incorrect JAVASCRIPT code in numerous WordPress posts

This type of malware continuously embeds large amounts of malicious JAVASCRIPT code in the data of database posts via a backdoor.
For example, it may embed the following JAVASCRIPT code to send users to a malicious site, or it may delay detection by recording access times in cookies so that it only works in rare cases.

<!--codes_iframe-->

<script type="text/javascript"> function getCookie(e
The incorrect code continues
,document.write('<script src="' src '"><\/script>')} </script>
<!--/codes_iframe-->

The sheer volume of this malware makes it a difficult type of malware to remove manually.

Let’s see how to mechanically remove this huge amount of malware. ( Please be sure to backup your database before trying this )

How to get rid of it Bulk Replace by plugin

The Search Regex plug in searches for various strings in the data of WordPress posts and replaces them all at once.

After installing and activating this plugin, go to the Tools > Search Regex screen in the WordPress administration screen and select the malware string you wish to replace in the search string and the replacement string should be a single space.

After this, click the Replace All button to complete the batch replacement.

What if we get rid of the incorrectly embedded JAVASCRIPT?

Even after successful disinfection, we still need to remove the cause that made it possible to embed this string.
As an example, the following causes could have been tampered with by hackers

1 Seizure of WordPress administrator privileges → change the administrator’s password
2 Vulnerability of plugins, etc. → Update WordPress and plugins and perform vulnerability checks
3 Backdoor -> There may be a program embedded in the site to illegally rewrite the database. We will perform a malware inspection.

It is also recommended to install security plug-ins.
What security experts recommend in a WordPress security plugin

Related Posts:

  1. How to find JAVASCRIPT Injection in WordPress
    If your WordPress site has been hacked and you think you have removed the tampering, but the site still redirects (forcibly) to another site, the malformed JAVASCRIPT code may still be there somewhere....
  2. 10 files in which malformed JAVASCRIPT code is embedded when WordPress is tampered with.
    This section describes a file in which redirect hack code is often embedded, which causes a WordPress-created site to jump to another site when accessed (redirect)....
  3. Example of database tampering with a redirect hack that causes a site to jump to another site
    Redirect hacks that cause a site to jump to another site (often a malicious software download, a fake e-commerce site, or a site that makes you click on a robot authentication) are not only tampering with files, but also getting into the database. Here are some examples of database malware tampering and how to deal with them....
  4. Can the WordPress database be tampered with or infected by malware?
    Most WordPress malware and tampering is done to program files, and only rarely is the database tampered with. However, when a database tampering vulnerability is found in a very popular plugin, database tampering (known as SQL injection) hacking can become an epidemic....
  5. Redirect hack that takes you to another site when you click on a link on a WordPress site.
    A redirect hack is a type of tampering in which a hacker alters site data or theme files to force users to go to a page that the hacker wants them to go to instead of the page they originally wanted to see. The following is an explanation of a common example of a redirect hack, in which clicking on...
  6. Five types of malware embedded in WordPress
    Here are some of the types of malware embedded in WordPress that are common these days. If similar code is included in the site’s program, we suspect that WordPress has been hacked and tampered with....