GoDaddy WordPress Fix

I know there are many WordPress blogs that have been recently infected with malware, and not only blogs hosted at GoDaddy. A friend today had his WordPress blog hacked and I immediately checked the source code and found a script located before the closing body tag </body>. When his blog would load, it would launch a computer scanning program and minimize the browser immediately.

There are a couple of ways to remove this infection, and probably the easiest way is to call GoDaddy support. They were very responsive and fixed the issue fast.

How to fix the latest WordPress Hack

If your WordPress blog redirects to a malware site that looks like a Windows screen and starts to scan your computer, then your site has been infected.

Here are instructions from the Sucuri Security blog.

  • Download this file to your desktop: http://sucuri.net/malware/helpers/wordpress-fix_php.txt and rename it to wordpress-fix.php. It contains two basic commands that remove the malware code and the extra empty lines from all the .php files in your root directory and all subdirectories.
  • Launch FTP and upload the “wordpress-fix.php” file to the root directory of your blog. In GoDaddy, that is the /HTML directory (which also contains index.php, wp-login.php, etc.).
  • Then run the script by loading this address in your browser: http://yoursite.com/wordpress-fix.php.
  • Delete the wordpress-fix.php file after execution.
  • Note: If you are using a caching plug-in, don’t forget to EMPTY YOUR CACHE, otherwise the malware will continue to be served to your users, even though you cleaned your .php code.

If your site is not cleaned up after you run it (or you are getting extra empty lines at the top of your files), it means that the script didn’t finish properly. You will need to run it again. If this still doesn’t work, upload it to subdirectories (like wp-admin, wp-content and wp-includes) and run it directly from there.

For example: http://yoursite.com/wp-admin/wordpress-fix.php, http://yoursite.com/wp-content/wordpress-fix.php, etc.
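To check the result on a local copy of the blog downloaded over FTP, here is an added example (not part of the Sucuri instructions or the helper script). It lists .php files that still start with empty lines, any leftover copies of wordpress-fix.php, and the scripts sitting just before </body> in a saved page. The function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

HELPER_NAME = "wordpress-fix.php"  # file name the steps above tell you to use
BOM = b"\xef\xbb\xbf"              # UTF-8 byte-order mark some editors prepend
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def audit_cleanup(root):
    """Return (php files starting with an empty line, leftover helper copies)."""
    blank_top, leftovers = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name == HELPER_NAME:
                leftovers.append(rel)      # should have been deleted after the run
            elif name.lower().endswith(".php"):
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(16)
                if head.startswith(BOM):
                    head = head[len(BOM):]
                if head[:1] in (b"\n", b"\r"):
                    blank_top.append(rel)  # sign the cleanup script did not finish
    return sorted(blank_top), sorted(leftovers)

def scripts_before_body_close(html, window=2000):
    """List <script> elements ending within `window` chars of the last </body>."""
    closes = [m.start() for m in re.finditer(r"</body\b", html, re.I)]
    if not closes:
        return []
    end = closes[-1]
    return [m.group(0) for m in SCRIPT_RE.finditer(html, 0, end)
            if m.end() > end - window]

def demo():
    # Constructed sample tree and page; none of it is real site content.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-admin"))
        samples = {"index.php": b"<?php // ok\n",
                   "wp-login.php": b"\n\n<?php // extra empty lines\n",
                   os.path.join("wp-admin", HELPER_NAME): b"<?php // helper\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        report = audit_cleanup(root)
    page = "<html><body><p>post</p><script src='x.js'></script>\n</body></html>"
    return report, scripts_before_body_close(page)

if __name__ == "__main__":
    print(demo())
```

Themes and plug-ins also load legitimate scripts just before </body>, so treat that list as items to compare against what your theme is expected to load, not as a verdict.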

If you are still running into issues, please contact support at GoDaddy or whoever your hosting company is.
