Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 6 years ago.
Improve this questionI've twice had my site's url changed in the database. This is the only piece of data being altered. Whoever is doing this is then redirecting the site to a script at this location:
somelandingpage [dot] com/3gGykjDJ?frm=script
I've tried preventing XSS and have checked/updated every single plugin and I cannot figure out how this is happening. Any ideas?
Closed. This question is off-topic. It is not currently accepting answers.Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?
Closed 6 years ago.
Improve this questionI've twice had my site's url changed in the database. This is the only piece of data being altered. Whoever is doing this is then redirecting the site to a script at this location:
somelandingpage [dot] com/3gGykjDJ?frm=script
I've tried preventing XSS and have checked/updated every single plugin and I cannot figure out how this is happening. Any ideas?
Share Improve this question edited Mar 2, 2019 at 16:29 fuxia♦ 107k39 gold badges255 silver badges461 bronze badges asked Mar 2, 2019 at 16:07 DaveDave 12 bronze badges 1- 1 Probably there is some backdoor left on your site. You have to find it, disable it and secure your site for future. – Krzysiek Dróżdż Commented Mar 2, 2019 at 17:24
2 Answers
Reset to default 1YOu need to deeply look throughout your site for the 'infection'/malware code. This would include the following steps:
- update everything (WP, themes, plugins)
- change credentials on everything (hosting, FTP, admin-level users)
- create a new admin user, log in as it, then delete the user called 'admin' (or demote to 'subscriber')
- look at all folders for files that shouldn't be there. This is somewhat easier if you sort the file list by date, looking for outliers (since you updated everything, the 'good' files should have the same date/timestamp).
I've put together a procedure I use to clean up a site. It takes a while, but can be done. There are other similar resources available via your favorite search engine.
Here is how to fix this:
- Log onto your PHPMyAdmin.
- Head to wp_options On line 1 (siteurl) you will notice the 'somelandingpage [dot] com/3gGykjDJ?frm=script' address. Simply edit this line and replace the address with the correct one for your site (Copy the same you see on line 2, generally something like: https://yoursite)
- This should get rid of the "redirection" and you should be able to log onto your Wordpress Admin Dashboard, from there make sure to update to the latest Wordpress version and update all your plugins accordingly.
Hope this helps and saves some of you some time :)