it-koehler.com hacked! What to do next? Plugin to blame!

The estimated reading time 1 minutes

Some days ago I got a friendly mail from my hosting company Host Europe, they found some malware inside my wordpress database (not in my blog, but the regular website it-koehler.com. Because of the malicious link they are going to block my complete website (including blog.it-koehler.com). See the mail:

I thought: “Holy sh… whats going on? “

So I spend some time to find malicious code in my database. Thanks to HE they already figured out the issue with an outdated plugin (shapepress-dsgvo) which I did not use anymore at all.
Next step, deleting the plugin with ftp access to my wordpress site.


That was a quick action. But how to search inside my wordpress database? HE offers a great tool to search database and tables.

phpMyAdmin it is possible to search for a string

I changed to search mode.

Here we are, the search returned one entry in table wp_options
In my case it was Option ID 61998, the line had some special java script and link injected:

Next I deleted the complete line in this table.
After searching other wordpressdatabases and no results returned, I gave a try checking my websites by Host Europe again.
YES my blog is reachable again after 8 hours

Conclusion: keep your wordpress plugins up to date!

Print Friendly, PDF & Email
Was this article helpful?
YesNo
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments