Obfuscated JavaScript Hacked WordPress
- Malware/Adware: The external script head.js.... could potentially be malicious. It might be used to load additional scripts, display unwanted ads, or perform other actions that could compromise the security of the site or its users.
- Cross-Site Scripting (XSS): This type of code can be used in XSS attacks, where malicious scripts are injected into trusted websites.
How to Find It in phpMyAdmin
Search for the Malicious Code
Search for the Code:
- Go to the SQL tab in phpMyAdmin.
- Run the following query to search for the specific malicious code snippet in your posts and pages:
SELECT * FROM `wp_posts` WHERE `post_content` LIKE '%Insert All Code Here%';
Instead of searching for the entire script, search for a smaller and unique part of the malicious code. For example, search only for the part that is highly unlikely to appear in legitimate content.
UPDATE `wp_posts`
SET `post_content` = REPLACE(`post_content`, 'Insert All Code Here', '')
WHERE `post_content` LIKE '%Insert All Code Here%';
Review the Results:
- Review the results carefully. Ensure that the matches found contain the malicious code snippet and are not legitimate content.
Use a More General Cleanup
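If you want to ensure that all occurrences of the <script> tag containing eval are removed, you can use the following approach:
-- Removes the first <script>...</script> block in each row where eval appears
-- between a <script> and a later </script>. Only bare <script> tags (no attributes) are matched.
UPDATE `wp_posts`
SET `post_content` = REPLACE(`post_content`, SUBSTRING(`post_content`, LOCATE('<script>', `post_content`),
LOCATE('</script>', `post_content`, LOCATE('<script>', `post_content`)) - LOCATE('<script>', `post_content`) + LENGTH('</script>')), '')
WHERE `post_content` LIKE '%<script>%eval%</script>%';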
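
An added example (not from the original post) that generalizes the cleanup above: it backs up the affected rows, previews the change, and then removes every <script> block whose body calls eval(, including tags with attributes and several blocks in one post. It assumes MySQL 8.0+ or MariaDB 10.0.5+ (for REGEXP_REPLACE); the backup table name `wp_posts_script_backup` is hypothetical.

```sql
-- Added example. The pattern matches one <script ...>...</script> block whose
-- body contains "eval(", case-insensitively and across line breaks, without
-- running past that block's own </script>.

-- 1. Copy every row that would change so it can be restored later.
--    (`wp_posts_script_backup` is a hypothetical name.)
CREATE TABLE `wp_posts_script_backup` AS
SELECT `ID`, `post_content`
FROM `wp_posts`
WHERE `post_content` REGEXP
  '(?is)<script([[:space:]][^>]*)?>((?!</script>).)*eval[[:space:]]*[(]((?!</script>).)*</script>';

-- 2. Dry run: list the affected rows, how much text would be removed,
--    and the first block that matches, without changing anything.
SELECT `ID`, `post_type`, `post_status`,
       CHAR_LENGTH(`post_content`) AS len_before,
       CHAR_LENGTH(REGEXP_REPLACE(`post_content`,
         '(?is)<script([[:space:]][^>]*)?>((?!</script>).)*eval[[:space:]]*[(]((?!</script>).)*</script>',
         '')) AS len_after,
       REGEXP_SUBSTR(`post_content`,
         '(?is)<script([[:space:]][^>]*)?>((?!</script>).)*eval[[:space:]]*[(]((?!</script>).)*</script>'
       ) AS first_block_matched
FROM `wp_posts`
WHERE `ID` IN (SELECT `ID` FROM `wp_posts_script_backup`);

-- 3. Remove every matching block from the rows that were backed up.
UPDATE `wp_posts`
SET `post_content` = REGEXP_REPLACE(`post_content`,
  '(?is)<script([[:space:]][^>]*)?>((?!</script>).)*eval[[:space:]]*[(]((?!</script>).)*</script>',
  '')
WHERE `ID` IN (SELECT `ID` FROM `wp_posts_script_backup`);

-- 4. Only if step 3 removed something it should not have:
--    put the original content back from the backup.
UPDATE `wp_posts` AS p
JOIN `wp_posts_script_backup` AS b ON b.`ID` = p.`ID`
SET p.`post_content` = b.`post_content`;
```

Legitimate embeds that call eval( match this pattern too, so check the step 2 output row by row before running step 3.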