hacked! What to do next? Plugin to blame!

The estimated reading time 1 minutes

Some days ago I got a friendly mail from my hosting company Host Europe, they found some malware inside my wordpress database (not in my blog, but the regular website Because of the malicious link they are going to block my complete website (including See the mail:

I thought: “Holy sh… whats going on? “

So I spend some time to find malicious code in my database. Thanks to HE they already figured out the issue with an outdated plugin (shapepress-dsgvo) which I did not use anymore at all.
Next step, deleting the plugin with ftp access to my wordpress site.

That was a quick action. But how to search inside my wordpress database? HE offers a great tool to search database and tables.

phpMyAdmin it is possible to search for a string

I changed to search mode.

Here we are, the search returned one entry in table wp_options
In my case it was Option ID 61998, the line had some special java script and link injected:

Next I deleted the complete line in this table.
After searching other wordpressdatabases and no results returned, I gave a try checking my websites by Host Europe again.
YES my blog is reachable again after 8 hours

Conclusion: keep your wordpress plugins up to date!

Print Friendly, PDF & Email
Was this article helpful?
0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments