Web Hosting, Design, & Coding forum


Josh Yudell needs help to get rid of malware

by josh_yudell12 / March 27, 2013 6:20 AM PDT

Hello guys,

My name is Josh Yudell and I'm glad to be a part of CNET. I need help from the experts and senior members regarding malware on WordPress websites.

My WordPress sites seem to be constantly getting attacked and some malware scripts keep being embedded in my header file (header.php).

I am even running a few plugins that are supposed to stop it from happening and that's not working. I deleted the script from the header file but the malware warning still shows up when I scan it:

Suspicious conditional redirect.
Details: http://sucuri.net/malware/entry/MW:HTA:7
Redirects users to: [ malware site redacted, you really don't need to share that link here ]

Any help or suggestions that any one of you can provide would be GREATLY appreciated.

Waiting for your responses.

Josh Yudell


All Answers

If a website is infected...
by Sovereign Forum moderator / March 27, 2013 7:17 AM PDT

Unless you can be 100% sure of where the malware came from and what it changed, because you have an intrusion detection system (OSSEC), simply removing the damage you see (like code in header.php) doesn't actually solve the problem, because whatever put it there in the first place could still exist.

Take a look at this in terms of securing your WordPress in the future:

For now, I don't think you can get around completely reinstalling WordPress. You can export your data and then reimport it, but before you move the uploads folder back, make sure there are no script files in there e.g. something.php or something.js.

It is possible that something unwanted could be stored in the database, but in all my WordPress infections I've seen, the database was always clean, so there's hope.
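
The uploads check described in the answer above, as an added Python example that is not part of the original post; it goes slightly beyond the two file names mentioned by also catching double extensions and PHP hidden inside media files. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions that run on the server or in a visitor's browser (assumed list).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar", ".js"}

def find_scripts(uploads_dir):
    """Return sorted (relative_path, reason) pairs for files that should not be restored."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            # Check every dot-separated suffix so "logo.php.png" is caught too.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            hit = sorted(suffixes & SCRIPT_EXTS)
            if hit:
                findings.append((rel, "script extension " + hit[0]))
                continue
            # Media files should never carry a PHP open tag.
            with open(path, "rb") as fh:
                if b"<?php" in fh.read(65536):
                    findings.append((rel, "PHP open tag in non-script file"))
    return sorted(findings)

def build_sample(base):
    """Write a constructed uploads tree (all contents are harmless placeholders)."""
    samples = {
        "2013/03/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2013/03/something.php": b"<?php /* placeholder */",
        "2013/03/something.js": b"/* placeholder */",
        "2013/02/banner.gif": b"GIF89a <?php /* placeholder */",
    }
    for rel, data in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in find_scripts(build_sample(tmp)):
            print(f"{rel}: {reason}")
```

Point `find_scripts` at the exported uploads folder before copying it into the fresh install; anything it lists should be inspected or left behind.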


Hacked Wordpress sites - Additional help
by InMotionHosting / April 26, 2013 12:45 AM PDT

Hey Josh - sorry to hear about your malware issues on WordPress!

I work with a community support department for a hosting company and we very often get involved in reviewing WordPress sites that have been hacked. The last one I reviewed was hacked through the theme. While I don't recommend a SINGLE solution, this one is very good in that it reviews ALL of the themes that you have loaded and will note if one is showing up as hacked:


Other than that, if you don't trust the plugins, as long as you have access to your WordPress Admin dashboard, you can always go in and change themes to make sure it's not the source of the issue.

Finally, a very common hack that you might see is an .htaccess injection. Common examples of hacks in this file are additions of redirects (normally to a bad site) and base64 code (which are typically redirects). You can find a lot of information about this common hack here:


If you want to see what a normal htaccess entry for WordPress looks like, look here (it's a forum post in WordPress, but it shows the correct default WordPress htaccess):


Remember to make a BACKUP if you're not familiar with making changes to ANY of your configuration files. That way, if you do make a change and it's not a good one, then you can revert back.

Finally, you mentioned SITES - instead of a singular WordPress site. From experience, I can tell you that sometimes there may be a single compromised site that can lead to your others becoming infected (especially if you're on shared hosting). Make sure that you enforce the cycling of the Admin and user passwords when you have a hack issue. For that matter - make sure you cycle ALL of your account passwords. It's just good practice and should be a necessity when security issues are the issue.

I hope this helps you with your malware issue!

-Arnel C.
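
The .htaccess comparison described in the answer above, as an added Python example that is not part of the original post: it reports every line that is not in the stock WordPress rewrite block and labels the redirect and base64 patterns the answer mentions. The stock block assumes WordPress installed at the web root; the function name, the check list and the sample file are constructed for illustration.

```python
import re

# Stock rewrite block WordPress writes for permalinks (site at the web root).
DEFAULT_BLOCK = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress""".splitlines()

# (label, pattern) pairs for the injection styles named in the post.
CHECKS = [
    ("conditional on visitor referer or user agent",
     re.compile(r"^\s*RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I)),
    ("redirect to an external URL",
     re.compile(r"^\s*(RewriteRule|Redirect(Match)?)\b.*\bhttps?://", re.I)),
    ("base64-looking data",
     re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")),
]

def audit_htaccess(text):
    """Return (line_no, reason, line) for each line outside the stock block."""
    expected = {line.strip() for line in DEFAULT_BLOCK}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line in expected:
            continue
        reasons = [label for label, rx in CHECKS if rx.search(line)]
        findings.append((no, "; ".join(reasons) or "not in default WordPress block", line))
    return findings

# Constructed sample: two injected lines placed above an otherwise stock file.
SAMPLE = "\n".join([
    "RewriteEngine On",
    "RewriteCond %{HTTP_REFERER} .*google.* [NC]",
    "RewriteRule ^(.*)$ http://redirect-target.example/ [R=302,L]",
] + DEFAULT_BLOCK)

if __name__ == "__main__":
    for no, reason, line in audit_htaccess(SAMPLE):
        print(f"line {no}: {reason}: {line}")
```

Lines added on purpose by a caching or security plugin are reported as "not in default WordPress block" as well, so treat the output as a review list, not a verdict.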

Josh Yudell needs help to get rid of malware
by drjasondiamondreviews / September 11, 2013 9:40 PM PDT

dr jason diamond reviews,

Hi Josh Yudell,

Nice question you have asked here. I found InMotionHosting's answer pretty informative, and I, dr jason diamond reviews, just would like to say thanks to josh yudell and InMotionHosting.

dr jason diamond reviews
