How to Search and Replace Malware Inside WordPress Database

These days hackers often inject the following WordPress tables: wp_posts and wp_options.
From these two, wp_posts is the most abused. That’s because all your site’s pages are getting their data from this location.

If we dig deeper enough, we will find out that “post_content” field contains malicious code – frequently Javascript.

Here’s an example:

  • The following SQL commands may be used to clear any malicious JS:
  • Search and replace database tool for malicious strings: Better Search Replace, Search Replace DB ver. 4.

  • Check users with administrator privileges.
  • Stuck with a hacked website? Get a free security report.