MySQL Database Contains Malware Signature after Clean


This topic contains 1 reply, has 2 voices, and was last updated by Anti-Malware Admin 4 years, 1 month ago.

  • #2433

    Kirby James
    Member

    Hi,

    My site seems to get hacked at roughly weekly intervals. Mostly existing links are replaced by links to advertising sites. Anti-Malware successfully ‘removes’ the malware such that the pages are now delivered with their correct links.

    Before using Anti-Malware I downloaded the WordPress site to my Windows desktop. I wrote a script to then search for malware. This I categorised as ‘probable malware’ (e.g. ‘clksite’, ‘adfly’ and ‘remarketing’) or possible malware (e.g. ‘eval(’ and ‘<script’).

    Before the first infection my scan showed 1 (probable) and 7 (possible) items of malware in the SQL dump of the mysql database.

    After the first infection my script picked up 715 items of probable malware and 721 of possible malware in the database. After running Anti-Malware, and quarantining and deleting the malware, these figures dropped to 185 (probable) and 191 (possible).

    After each subsequent infection the counts jumped and dropped a little after running Anti-Malware. Upon re-checking with Anti-Malware – no malware was reported.

    I’m puzzled as to why I still detect malware in the database – is there any way of removing it?

    Many Thanks

    Kirby

    #2440

    Anti-Malware Admin
    Key Master

    If you can send me those ‘<script’ tags which are not being removed by my plugin then I will add them to my definition updates so that they will be automatically removed in future scans.

    Also, if you are still getting database injections on a regular basis I would suggest that you focus on hardening your DB security on your server. Start by changing your DB_PASSWORD and updating your wp-config.php to match. If that does not stop these injections and your host has no other security to offer then I would suggest moving your site to a more secure hosting environment.
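
The kind of dump scan described in the first post can be broken down per table, which shows which rows still hold hits after a clean and makes it easier to collect the leftover ‘<script’ tags the reply asks for. This is an added example, not the poster's script or the plugin's code; it assumes default mysqldump output (one `INSERT INTO` statement per line), and the sample dump and its `.example` hosts are constructed.

```python
import re
import sys
from collections import defaultdict

# Signature lists taken from the first post; matching is case-insensitive.
PROBABLE = ("clksite", "adfly", "remarketing")
POSSIBLE = ("eval(", "<script")

# Assumption: default mysqldump layout, row data on lines that start with
# INSERT INTO `table` VALUES (...),(...);
INSERT_RE = re.compile(r"^INSERT INTO `([^`]+)`", re.IGNORECASE)

# Constructed sample dump, not data from the site discussed in the thread.
SAMPLE_DUMP = r"""
-- constructed sample
CREATE TABLE `wp_posts` (`ID` int, `post_content` longtext);
INSERT INTO `wp_posts` VALUES (1,'<p>Hello</p>'),(2,'<a href="http://adfly.example/x">link</a><script src="//clksite.example/a.js"></script>');
INSERT INTO `wp_options` VALUES (10,'widget_text','<script>var remarketing = 1;</script>');
INSERT INTO `wp_comments` VALUES (5,'Nice post');
""".splitlines()


def count_hits(text, signatures):
    """Count non-overlapping occurrences of every signature in text."""
    lowered = text.lower()
    return sum(lowered.count(sig) for sig in signatures)


def scan_dump(lines):
    """Return {table: {"probable": n, "possible": n}} for tables with hits."""
    report = defaultdict(lambda: {"probable": 0, "possible": 0})
    for line in lines:
        match = INSERT_RE.match(line)
        if not match:
            continue  # comments, DDL and LOCK statements carry no row data
        probable = count_hits(line, PROBABLE)
        possible = count_hits(line, POSSIBLE)
        if probable or possible:
            entry = report[match.group(1)]
            entry["probable"] += probable
            entry["possible"] += possible
    return dict(report)


if __name__ == "__main__":
    # Scan the dump file given as the first argument, else the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            result = scan_dump(fh)
    else:
        result = scan_dump(SAMPLE_DUMP)
    for table, counts in sorted(result.items()):
        print(f"{table}: probable={counts['probable']} possible={counts['possible']}")
```

Running the same scan on a dump taken before an infection gives a baseline to compare against, since strings such as ‘<script’ also appear in legitimate content.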
