Hi, my site sushil10018.com was claimed hacked on “2017/04/17” by the Death Adders Crew, and here is the stepwise guide on what I did to fix it.
- Updated WordPress and all the plugins.
- Scanned through WordPress with Wordfence Security.
- Plugins:
  - Akismet Anti-Spam
  - Contact Form 7
  - Disqus Comment System
  - Flickr Badges Widget
  - Google Analytics
  - Wordfence Security
  - Yoast SEO
- Checked by disabling JavaScript in the browser, and the site worked.
- Searching for the JavaScript that caused the error, tried deactivating all plugins, but it didn’t work either.
- Looked for header.php and footer.php
- Deleted both files to find that it worked; later found out that header.php was causing the issue.
- Deleted the first half of header.php to find the problem still existed.
- Then deleted the other half to find out that it worked, so there was some problem in the other half of the code.
- Assumed it was the line `<?php get_sidebar(); ?>`, deleted it, and found out that the hack JS code was somewhere inside it.
- Then went to Appearance > Widgets to see if the code was there.
- To my surprise, there was a text widget with the following piece of JavaScript:

  ```html
  <script>document.documentElement.innerHTML = unescape('%3c%74%69%74%6c%65%3e%20%48%61%63%6b%65%64%20%42%79%20%4d%72%20%41%6e%6f%6e%79%6d%6f%75%73%20%28%44%65%61%74%68%20%41%64%64%65%72%73%20%43%72%65%77%29%20%3c%2f%74%69%74%6c%65%3e');</script>
  ```
- Deleted the JavaScript and refreshed the page, and it worked.
- Changed the WordPress password.
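
A check that finds this kind of widget directly, as an added example that is not part of the original post: it scans text-widget content for script blocks that rewrite the page or pass an encoded string to `unescape()`, and decodes that string without executing it. The `{ id, text }` input shape and the function names are assumptions; the second sample entry is the widget text quoted above.

```javascript
// Added example: flag widget text whose <script> rewrites the page via an encoded string.
// Patterns that should not appear in a plain text/HTML widget.
const SINKS = [
  /document\.documentElement\.innerHTML/,
  /document\.write\s*\(/,
  /\beval\s*\(/,
];
// Quote characters, including the curly quotes WordPress may substitute.
const Q = "['\"\\u2018\\u2019\\u201c\\u201d]";
// unescape('...') or decodeURIComponent('...') with a literal string argument.
const ENCODED_CALL = new RegExp(
  "\\b(?:unescape|decodeURIComponent)\\s*\\(\\s*" + Q + "([^'\"\\u2018\\u2019\\u201c\\u201d]*)" + Q, "g");

// Decode %XX and %uXXXX in one pass, as unescape() would, without running any script.
function decodePercent(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// widgets: [{ id, text }], an assumed export shape for the saved text widgets.
function scanWidgets(widgets) {
  const findings = [];
  for (const w of widgets) {
    const scripts = w.text.match(/<script\b[^>]*>[\s\S]*?<\/script>/gi) || [];
    for (const block of scripts) {
      const sinks = SINKS.filter((re) => re.test(block)).map((re) => re.source);
      const decoded = [...block.matchAll(ENCODED_CALL)].map((m) => decodePercent(m[1]));
      if (sinks.length || decoded.length) findings.push({ id: w.id, sinks, decoded });
    }
  }
  return findings;
}

// Constructed sample: one benign widget, and the widget text from this post.
const SAMPLE = [
  { id: "text-1", text: "<p>Follow me on Flickr</p>" },
  { id: "text-2", text: "<script>document.documentElement.innerHTML = unescape('" +
      "%3c%74%69%74%6c%65%3e%20%48%61%63%6b%65%64%20%42%79%20%4d%72%20" +
      "%41%6e%6f%6e%79%6d%6f%75%73%20%28%44%65%61%74%68%20%41%64%64%65%72%73%20" +
      "%43%72%65%77%29%20%3c%2f%74%69%74%6c%65%3e');</script>" },
];

// Print each flagged widget with the decoded markup it would have injected.
console.log(JSON.stringify(scanWidgets(SAMPLE), null, 2));
```

Running this over every saved widget after a cleanup shows whether any other widget still carries a script that replaces the page content.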