Useful Tools that May Help Determine and Fix Hacked WordPress Installations


For one reason or another, your WordPress site may get hacked. Code may be injected into files throughout the site to do a wide range of things, including redirecting visitors elsewhere. There are many different types of hacks, but several tools and commands may prove useful for remediation. If they do not remediate the infection as-is, they can still serve as a basic framework to customize for the case at hand.

The purpose of this article is to identify alternative tools that could assist in infection remediation, not necessarily to describe how to use them. The original sites will serve better in that arena.

Here are those tools:

  • Sucuri.net created a tool called wordpress-fix.php to clean a specific type of infection: a line of the form <?php /**/ eval(base64_decode("aWY...")); ?> prepended to PHP files across the site (the MW:MROBH:1 signature referenced in the script itself). Although the tool is no longer available from their site, a copy survives at Stackoverflow.com and is reproduced below. Note that it is meant to be uploaded to the web root and run through the browser, that it uses sed -i to rewrite every .php file under its directory (not only the infected ones), and that it keeps no backups; take a backup first and delete the script from the server once it has run.
    Site clean up by <a href="http://sucuri.net">http://sucuri.net</a><br />
    This script will clean the malware from this attack:
    <a href="http://sucuri.net/malware/entry/MW:MROBH:1">http://sucuri.net/malware/entry/MW:MROBH:1</a>
    <br /><br />
    If you need help, contact dd@sucuri.net or visit us at <a href="http://sucuri.net/index.php?page=nbi">http://sucuri.net/index.php?page=nbi</a>
    <br /><br />

    <?php
    // Starting directory: where the script itself is run from, so it must sit in the web root.
    $dir = "./";
    // Strip the injected '<?php /**/ eval(base64_decode("aWY...' block from every .php file.
    // In sed's basic regex the "?" is literal, and ".*" is greedy, so the match runs
    // to the last closing PHP tag on that line. The captured output is never used.
    $rmcode = `find $dir -name "*.php" -type f |xargs sed -i 's#<?php /\*\*/ eval(base64_decode("aWY.*?>##g' 2>&1`;
    echo "Malware removed.<br />\n";
    // Delete the blank lines the removal leaves at the top of each file.
    $emptyline = `find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`;
    echo "Empty lines removed.<br />\n";
    ?>

    <br />
    Completed.
  • Hidden iframe injection attacks. – A script (clean.php) that scans your site for a string of your choosing and lists the files that contain it. It does not repair the files, but knowing exactly which files are affected is the first step, and that makes it quite useful. Usage: http://www.yourdomain.com/clean.php?stringofchoice. Since it runs through the browser and reads the whole file tree, remove it from the server when you are finished; anything reachable by URL is reachable by the attacker too.
  • clrvir – The web virus cleaning utility is a PHP command line interface (CLI) web-virus cleaning script for Linux operating systems to be used on shell accounts with infected websites.
  • Gumblar-family virus removal tool.
  • Text Search Replace. This class can be used to search the contents of files and replace matches with different text. It browses a given directory recursively, opens files whose names match given extensions, and searches them for a regular expression. Optionally it replaces all occurrences with new text and writes the files back. A log records the search and replacement activity.
One or more of these scripts may prove handy, either as they are or modified to fit your needs. Some require shell or terminal access to your server; others run through the browser. Whatever the case, they are useful resources at every stage, from understanding how the site was compromised, to identifying the affected files, to remediation.
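As an added example (not code from this article or from any of the tools listed above), here are the two steps the Sucuri script and the clean.php scanner perform, finding the files that carry a given string and stripping the eval(base64_decode("...")) block, written as a small POSIX shell script. The function names, the .bak convention and the throwaway site that make_sample_site builds are assumptions for this illustration; the injected payload it constructs is base64 for a harmless if(1){echo 'x';}. Unlike the one-liner above it handles paths with spaces, rewrites only the files that actually match, and keeps a backup of each file it touches.

```shell
#!/bin/sh
# Added example, not part of the original article or of any tool it lists.
# Finds .php files carrying an injected eval(base64_decode("...")) block and
# strips it, keeping a .bak of every file it rewrites. Function names and the
# sample site built by make_sample_site are assumptions for this illustration.
set -u

# Fixed-string marker used for the search (grep -F: no regex surprises).
INJECT_MARKER='eval(base64_decode("'

# Extended regex for the whole injected block: opening tag, the /**/ comment,
# eval(base64_decode("<base64>")); and the closing tag, with optional whitespace.
INJECT_RE='<\?php /\*\*/ eval\(base64_decode\("[A-Za-z0-9+/=]*"\)\);[[:space:]]*\?>'

# scan_injected DIR [STRING]
# Print every .php file under DIR containing STRING (default: the marker above),
# one path per line. Nothing is modified. find -exec ... {} + keeps paths with
# spaces intact; "|| true" because grep exits 1 when no file matches.
scan_injected() {
    find "$1" -type f -name '*.php' -exec grep -lF -- "${2:-$INJECT_MARKER}" {} + || true
}

# count_injected DIR: number of infected .php files under DIR.
count_injected() {
    scan_injected "$1" | wc -l | tr -d ' '
}

# clean_injected DIR
# For each infected file: copy it to FILE.bak, delete the injected block and any
# blank lines it leaves at the top of the file, then replace the original.
# Only files that actually match are rewritten. Prints "cleaned: PATH" per file.
clean_injected() {
    scan_injected "$1" | while IFS= read -r f; do
        cp -p "$f" "$f.bak"
        sed -E "s#$INJECT_RE##g" "$f" | sed '/./,$!d' > "$f.tmp" && mv "$f.tmp" "$f"
        echo "cleaned: $f"
    done
}

# make_sample_site DIR
# Constructed throwaway site for trying the functions: two infected files (one
# under a directory with a space in its name) and one clean file. The payload
# is base64 for the harmless PHP: if(1){echo 'x';}
make_sample_site() {
    mkdir -p "$1/wp-content/plugins/my plugin"
    payload='aWYoMSl7ZWNobyAneCc7fQ=='
    printf '<?php /**/ eval(base64_decode("%s")); ?>\n<?php\necho "hello";\n' "$payload" > "$1/index.php"
    printf '<?php /**/ eval(base64_decode("%s")); ?>\n<?php\n// plugin code\n' "$payload" > "$1/wp-content/plugins/my plugin/plugin.php"
    printf '<?php\n// nothing injected here\n' > "$1/wp-config.php"
}

# Usage:  sh wp_inject_clean.sh --demo             build a sample site in a temp dir and clean it
#         sh wp_inject_clean.sh scan DIR [STRING]  list infected files (or files containing STRING)
#         sh wp_inject_clean.sh clean DIR          back up and clean infected files
case "${1:-}" in
    --demo)
        site=$(mktemp -d)
        make_sample_site "$site"
        echo "infected before: $(count_injected "$site")"
        clean_injected "$site"
        echo "infected after:  $(count_injected "$site")"
        ;;
    scan)  scan_injected "$2" "${3:-$INJECT_MARKER}" ;;
    clean) clean_injected "$2" ;;
esac
```

Run it with scan first and read the list before running clean: the regex only removes the exact block shape shown, so a variant infection will be listed by the fixed-string search but left untouched by the cleaner, which is the safer failure mode. The .bak copies are what you diff against afterwards, and they should be deleted from the web root once you are satisfied, since they still contain the payload.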