WordPress Hack Fix Steps

I had fun fixing a small pile of WordPress sites that had been hacked today. I could not find any useful how-to guides on how to fix this, so I thought to post it here for the poor soul that also needs to fix this hack.

The site would show the following near the bottom of each page:



Not Found

The requested URL /spam/getlinks.php was not found on this server.


You can simply edit /wp-includes/general-template.php and comment out or remove the line in the function called get_footer that references the main.is file.

You should also remove or rename the file called main.is in the js folder (/js/main.is).

You can find common hacks by running the command grep -r base64_decode in the main folder of your WordPress directory. It will list encoded PHP code that could be used for injection at runtime. Be careful not to delete or remove good code that legitimately uses decoding.
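To make the grep step easier to act on, here is an added example (not part of the original post) that sorts base64_decode hits into ones to look at first and ones that are probably legitimate, and lists files referencing the two strings mentioned above. The function names and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage base64_decode hits instead of reading raw grep output.
# Usage: sh triage.sh /path/to/wordpress   (no argument = constructed demo tree)

# List PHP files that call base64_decode. "HIGH" = the decoded data is passed
# straight to eval()/assert() on the same line; "REVIEW" = needs a human look,
# since legitimate plugins decode data too. This is a heuristic, not a verdict.
triage_base64() {
    find "$1" -type f -name '*.php' -exec grep -l 'base64_decode' {} + 2>/dev/null |
    sort |
    while IFS= read -r f; do
        if grep -Eq '(^|[^[:alnum:]_])(eval|assert)[[:space:]]*\([^;]*base64_decode' "$f"; then
            echo "HIGH $f"
        else
            echo "REVIEW $f"
        fi
    done
}

# List files whose contents reference the two strings named in this post.
find_post_indicators() {
    find "$1" -type f -exec grep -lE 'main\.is|spam/getlinks\.php' {} + 2>/dev/null | sort
}

# Build a small constructed tree (sample data, not taken from a real site).
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-includes" "$d/wp-content/plugins/good" "$d/js"
    printf '%s\n' '<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); ?>' \
        > "$d/wp-content/plugins/good/cache.php"
    printf '%s\n' '<?php $img = base64_decode($encoded_image); ?>' \
        > "$d/wp-content/plugins/good/upload.php"
    printf '%s\n' '<?php echo "<script src=\"/js/main.is\"></script>"; ?>' \
        > "$d/wp-includes/general-template.php"
    : > "$d/js/main.is"
    echo "$d"
}

root=${1:-}
if [ -z "$root" ]; then root=$(make_sample_tree); demo=1; fi
triage_base64 "$root"
find_post_indicators "$root"
if [ -n "${demo:-}" ]; then rm -rf "$root"; fi
```

Files marked REVIEW still need to be read before deciding anything; compare them against a clean copy of the same WordPress or plugin version where possible.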
