SiteURL hack mytemplatewebsite[.]com/0.js

Last updated: June 04 2019

We’ve been fixing lots of sites lately, which have siteurl value changed to either:

This hack is a result of the WP GDPR Compliance vulnerability.

To prevent further data loss, you should first backup your database & site files.

Second, you should revert the changes made on wp_options table ( siteurl value ). In most cases, siteurl and home should be the same.

Here are some good tutorials for siteurl change:

Change WordPress Site URL Via phpMyAdmin:
Change and Update WordPress URLS in Database When Site is Moved to new Host:

Siteurl should be changed manually, editing site’s database table wp_options. Look for a record where option_name is equal to “siteurl“.
Note: Changing siteurl using wp-config.php values is not recommended in this case – database will remain infected.

Lastly, you need to make sure that other tables are not affected by the siteurl hack. To do that, you’ll need to use a search and replace tool.

Make sure .htaccess file is malware free – best way to do that is to replace its content with the default source code.

Useful links:
Sucuri labs, Side Effects of the Site_url Hack:
Sucuri scanner:
Cleanup plans:

Let us clean your site