How to clean cd.privacylocationforloc.com injections

This week aprox. 500 websites were found to be infected with cd.privacylocationforloc.com redirect malware.
Other malicious URLs found:
cd.privacylocationforloc.com/footer.js?type=fmdh
cd.privacylocationforloc.com/track/java.js
cd.privacylocationforloc.com/track/zls.js
cd.privacylocationforloc.com/track/trend

Need help? Let us clean your site.


To clean your site, follow these steps:

1. Stay calm.
2. Backup your site ( files and database ): https://wordpress.org/support/article/wordpress-backups/
3. Manually set siteurl and home data, using wp-config.php ( after this, you should have restored dashboard access )

define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );

4. Remove unauthorized admin users: https://easywpguide.com/wordpress-manual/users/deleting-a-user/
5. update core files, plugins and theme ( important )
6. Change “home” and “siteurl” using phpMyAdmin.

Optional: change database password, remove FTP accounts which you don’t need, change cPanel login information.

If your WordPress posts are injected with malicious Javascript:

<script src="https://cd.privacylocationforloc.com/footer.js?type=fmdh"

then you can run this SQL query:

 UPDATE wp_posts SET post_content = REGEXP_REPLACE(post_content, '<script(.*?)>((.|\n)*?)<\/script>', ''); 

Other malicious URLs recently reported:
https://cd.privacylocationforloc.com/footer.js?type=fmdhnbgewrfx&

Try our Free site check.