I know there are many WordPress blogs that have been recently infected with Malware, and not only blogs hosted at GoDaddy. A friend today had his WordPress blog hacked and I immediately checked the source code and found a script located before the closed body tag </body>. When his blog would load, it would launch a computer scanning program and minimize the browser immediately.
There are a couple ways to remove this infection and probably the easiest way is to call GoDaddy support. They were very responsive and fixed the issue fast.
How to fix the latest WordPress Hack
If your WordPress blog redirects to a Malware site that looks like Windows-screen that starts to scan your computer, than your site has been infected.
Here are instructions from the Securi Security blog.
- Download this file to your desktop: http://sucuri.net/malware/helpers/wordpress-fix_php.txt and rename it to wordpress-fix.php. It contains two basic commands to remove the Malware code, and extra empty lines from all your .PHP files on your root directory and all sub directories.
- Launch FTP and upload “wordpress-fix.php” file to the root directory of your blog. In GoDaddy, that is the /HTML directory (which also contains index.php, wp-login.php etc.
- Then execute the code with the command:
http://yoursite.com/wordpress-fix.php.
- Delete the wordpress-fix.php file after execution.
- Note: If you are using a caching plug-in, don’t forget to EMPTY YOUR CACHE, otherwise the Malware will continue to be served to your users, even though you cleaned your .php code.
If your site is not cleaned up after you run it (or you are getting extra empty lines on the top of your files), it means that the script didn’t finish properly. You will need to run it again. If this still doesn’t work, upload it to sub directories (like wp-admin, wp-content and wp-includes) and run directly from there.
For example: http://yoursite.com/wp-admin/wordpress-fix.php , http://yoursite.com/wp-content/wordpress-fix.php, etc.
If you still are running into issues, please contact support at GoDaddy or whoever your hosting company is.
Related Articles:
GoDaddy Addresses WordPress Attacks
WordPress Under Attack Again
Hi Frank,
One of my sites at GoDaddy was infected and I’d beg to differ in term of how helpful GoDaddy support is. Their basic response to me was:
1. GoDaddy is not responsible for the security of my site on a shared hosting account.
2. They do not have any tools nor could they recommend any tools for scanning my blog to remove malware.
3. They do not scan the shared hosting servers for malware.
4. The only solution they offered was to completely delete the contents of the folder that my WordPress installation was in and restore the contents from an earlier point in time before I noticed the problem.
Didn’t give me a real warm, fuzzy feeling. This has been the norm for the support I have received from GoDaddy. They deny any responsibility unless you can pin them down.
I have also been through two separate incidents of my main blog site being down or extremely slow for 1-2 days at a time. I didn’t change anything and magically it started performing normally again.
I currently have a couple sites now at BlueHost and they have been great and am also looking at HostGator as I have heard very good things about them also.
So I’m glad they were able to help you, but I had a very different experience. Eventually through my own digging I eliminated the problem myself.
Mike,
I am going on what my friend at work experienced. They said the same thing to him about it’s a shared account, but they walked him through the fix in 5 minutes. Sorry your experience wasn’t as pleasant.
Glad you were able to solve it and if you ever need help, please contact me asap.
Hi Frank,
Hope my comment wasn’t too terse. It was definitely not directed at you by any means. Just my frustration with the support people at GoDaddy bubbling to the surface….
Mike,
Not an issue and I appreciate the feedback.
Thanks for sharing this fix.
Andrew,
I am glad to help.
I had the same experience with GoDaddy as Mike, unfortunately. Through digging I found the problems and replaced all the files with those of the upgrade (I was already up to date prior, though) and it did stop the warnings. However I just got hit with a second round of it about a week later. How fun.
Nikki,
I am sorry for all the trouble this has caused you and many others. At least now the host companies are aware of these malicious attempts against WordPress blogs.
So… is anybody else having problems trying to find http://sucuri.net/malware/helpers/wordpress-fix_php.txt? The links at sucuri seems to be to a missing file!
Useful fix, I know someone who has had loads of trouble trying to sort this out so I’ll pass this on
Jason,
Thank you and you have a fine site there.
Is there anything to be done to secure oneself against a hack? Nice with a fix, but even better avoiding the problem:)
Thanks
i will need to run it again. If this still doesn’t work, upload it to sub directories and run directly from there.
Thanks for sharing this fix.
Glad we can help to defend against these attacks.