How to clean injections

This week aprox. 500 websites were found to be infected with redirect malware.
Other malicious URLs found:

Need help? Let us clean your site.

To clean your site, follow these steps:

1. Stay calm.
2. Backup your site ( files and database ):
3. Manually set siteurl and home data, using wp-config.php ( after this, you should have restored dashboard access )

define( 'WP_HOME', '' );
define( 'WP_SITEURL', '' );

4. Remove unauthorized admin users:
5. update core files, plugins and theme ( important )
6. Change “home” and “siteurl” using phpMyAdmin.

Optional: change database password, remove FTP accounts which you don’t need, change cPanel login information.

If your WordPress posts are injected with malicious Javascript:

<script src=""

then you can run this SQL query:

 UPDATE wp_posts SET post_content = REGEXP_REPLACE(post_content, '<script(.*?)>((.|\n)*?)<\/script>', ''); 

Other malicious URLs recently reported:

Try our Free site check.