Other Options To Remove WordPress Malware


I found some other options to clean malware out of an infected WordPress site. I still prefer the way I originally did it because I can see and verify the results before committing and undo it immediately if it didn’t go the way I anticipated. These other methods require restoring the database or files if you mess it up.

Stack Exchange had the most complete information on removing this from both the database and from the content of your files.

INFECTION EXAMPLE:

<script src='https://subdomain.xxxxxxx.tld/stat.js?n=ns1' type='text/javascript'></script> 

Remove Malware From A Database

To be run from phpMyAdmin under the ‘SQL’ tab
(Edit them to fit your needs.)

UPDATE tn_posts SET post_content = REPLACE (post_content, "<script src='https://temp. lowerbeforwarden. ml /temp. js?n=nb5' type='text/javascript'></script>", '');

This one tests the content first.
Hat Tip: https://www.safalshrestha.com.np/wordpress-hacked/

UPDATE tn_posts SET post_content = REPLACE(post_content, "<script src='https://temp. lowerbeforwarden. ml/temp. js?n=ns5' type='text/javascript'></script>", '') WHERE post_content LIKE '%lowerbeforwarden%';

Removing Malware From Files

Using grep at the command line to remove WordPress malware

Check for the existence of the malware
(Edit the name to fit your situation)

grep -rlF "lowerbeforwarden"

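Clean files with grep and sed at the command line. grep lists the files that contain the string “lowerbeforwarden”, and sed removes the script tag from each of them. The file names are passed null-delimited (-Z and -0) so that paths containing spaces are handled correctly, and the dots in the host name are escaped so they only match a literal dot.

grep -rlFZ "lowerbeforwarden" | xargs -0 -r sed -i "s/<script type='text\/javascript' src='https:\/\/scripts\.lowerbeforwarden\.ml\/src\.js?n=nb5'><\/script>//g"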
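The file cleanup above gives no preview and no undo, so here is the same step with both, as an added example that is not from the original post. It assumes GNU grep, sed and xargs; the function names and the `.malbak` suffix are made up for this example, and the marker must be edited to match your own infection.

```shell
#!/bin/sh
# Added example: preview, back up, then strip an injected <script> tag.
# MARKER comes from this page's sample infection; edit it to fit yours.
# It is used inside a regex, so it must not contain regex metacharacters.
MARKER="lowerbeforwarden"

# Matches one <script ...></script> tag whose attributes mention MARKER,
# whatever the attribute order, subdomain or ?n= value. [^>]* cannot
# cross a '>', so the match never extends beyond that single tag.
TAG_RE="<script[^>]*${MARKER}[^>]*></script>"

# Step 1: read-only preview. Prints file:line:text for every hit.
preview_infected() {    # usage: preview_infected DIR
    grep -rnF --exclude='*.malbak' -- "$MARKER" "$1"
}

# Step 2: clean, keeping FILE.malbak beside every file that is touched.
# Returns non-zero if the marker is still present afterwards, e.g. when
# the injected tag has a form that TAG_RE does not cover.
clean_infected() {      # usage: clean_infected DIR
    grep -rlFZ --exclude='*.malbak' -- "$MARKER" "$1" |
        xargs -0 -r sed -i.malbak -E "s#${TAG_RE}##g"
    ! grep -rqF --exclude='*.malbak' -- "$MARKER" "$1"
}

# Undo: move every backup back over its cleaned file.
restore_backups() {     # usage: restore_backups DIR
    find "$1" -type f -name '*.malbak' \
        -exec sh -c 'for b; do mv -- "$b" "${b%.malbak}"; done' sh {} +
}
```

Once the cleaned site checks out, move or delete the `.malbak` files: a backup such as `header.php.malbak` left in the web root can be served as plain text and still contains the injected tag.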

Replace WordPress Core Files

The best way to replace WordPress Core files is with the Admin Dashboard. Go to ‘Dashboard’, select ‘Update’, and click on “Re-install Now”.


When you aren’t in a position to log in directly to the WordPress admin dashboard, the procedure described here works.

Overwrite the WordPress core files excluding the wp-content folder.
Follow these basic steps:

  1. Download the latest WordPress version from the WordPress Releases page.
  2. FTP or SFTP upload your WordPress zip file to the root folder of your website.
  3. Unzip it (use your FTP client or command line via SSH) and delete the wp-content folder from within the folder named wordpress. Command line example: unzip file_name.zip
  4. Select and move all the remaining folders and files to the root folder. If asked to overwrite, answer yes or OK.
  5. And there you have it. Your WordPress core files are clear of any viruses or malware.

Delete Your Cache Files

Using a plugin is the preferred method, but you can also delete the cache files within the cache folder at wp-content/cache. (at your own risk)
