When we clean WordPress sites, infected posts and pages occur most of times. This way hackers build links and articles to non-relevant sites: pills, replica products, essay writing, etc ( SEO spam ).
There are two types of injections:
-
- Repetitive strings which can be replaced easily using a search & replace script. Example:
<script src='hxxps://blueeyeswebsite[.]com/ad.js' type='text/javascript'></script>
-
- Strings which differ from one post to another by few characters – making more difficult to apply search and replace technique. Example:
<script language="javascript" type="text/javascript" src="hxxp://www.mde86[.]org/jquery.min.Js"></script><div id="N2by9Zr3" style="display:none"><script language="javascript" type="text/javascript" src="hxxp://js.users[.]51[.]la/18658151.js"></script>
Tools for search and replace:
Notepad++ ( good for database cleanup ): https://notepad-plus-plus.org/
Better search & replace: https://wordpress.org/plugins/better-search-replace/
Search Replace DB ( WordPress admin access not needed ): https://interconnectit.com/products/search-and-replace-for-wordpress-databases/