Help! Malicious code injected in posts
-
I have a WordPress blog (clodjee.com) hosted by Internic.ca
Last week, I discovered that my blog had been hacked and that malicious code was injected in everyone of my 1500+ posts. It was causing a redirect that crippled the blog, preventing anyone to access it.
Internic said that it was caused by a vulnerability in the previous version of WordPress and refused to help because it was not their fault.
I removed the malicious script in the last hundred or so posts in order to make it functional enough to continue working on it.
Now, I have two questions:
1) Is there a way (via a script or a plugin) to remove the remaining malicious script in each posts without having to do it manually? Has anyone else experienced this problem?
2) I have installed Wordfence in order to improve security, but obviously Internic doesn’t care much about the security of my blog. Would my blog be more secure if I’d move it to WordPress.com ? It seems wp.com offers more functionality and the hosting is cheaper… Is the move worth it ?
Thanks for helping me,
Claude J Pelletier
clodjee.com -
Hi @clodjee,
To ensure your question is answered as soon as possible I would suggest you reach out to support in WordPress.org.
As you mentioned, your site is self-hosted. This is a public forum which provides support only for the sites hosted on WordPress.com.
You can seek help for WordPress.org sites here: https://wordpress.org/support/
Read the difference between WordPress.com and WordPress.org here: https://en.support.wordpress.com/com-vs-org/
All the best,
Ally
-
Hi Claude,
Gosh, your site is having some tough times!
Speaking of your first questions, I don’t know of a script or plugin built to do that. That’s not to say it doesn’t exist. I did a web search on the topic and the plugin you’ve already installed popped up, so, I’m not the right person to answer that question. Having to modify 1,400 more posts does not sound good.
Do you have a backup of the site from before it got hacked? Restoring that will be easier than manually fixing the posts. Your host, Internic, may have backups, too. It’s worth checking if you’re not sure.
To answer the second question: you’re dealing with a bad scenario of hosting your own WordPress install. If you transferred to WordPress.com, you wouldn’t have to deal with keeping WordPress up to date and backing files up. Security here is a high priority on every account. This situation wouldn’t have happened if you hosted with WordPress.com.
I’ll make two recommendations: one, consider moving your site. Hosting is cheaper, which is great! Make sure the WordPress.com plan you want to pay for has the features you need:
https://wordpress.com/pricing/
Then, look at this walkthrough to know what you’ll have to do to migrate your site:
https://en.support.wordpress.com/moving-from-self-hosted-wordpress-to-wordpress-com/
Two, take your own security and backups into your own hands: install Jetpack today! This plugin gives users the tools built into WordPress.com. It also automates updates. Here’s how to install it, along with other information:
For backups, you have to buy the Jetpack Personal Plan:
I highly recommend Jetpack if you stay with a self-hosted site. It is said, computer data is only as good as its backups.
Please let me know any other ways I can help.
Best,
Jesse
- The topic ‘Help! Malicious code injected in posts’ is closed to new replies.
WordPress.com Forums 