it-koehler.com hacked! What to do next? Plugin to blame!


Some days ago I got a friendly mail from my hosting company Host Europe: they found some malware inside my WordPress database (not in my blog, but the regular website it-koehler.com). Because of the malicious link they are going to block my complete website (including blog.it-koehler.com). See the mail:

I thought: “Holy sh… what's going on?”

So I spent some time finding the malicious code in my database. Thanks to HE: they had already figured out the issue with an outdated plugin (shapepress-dsgvo), which I did not use anymore at all.
Next step: deleting the plugin via FTP access to my WordPress site.


That was a quick action. But how to search inside my WordPress database? HE offers a great tool to search databases and tables.

With phpMyAdmin it is possible to search for a string.

I changed to search mode.

Here we are: the search returned one entry in the table wp_options.
In my case it was option ID 61998; the line had some special JavaScript and a link injected:

Next I deleted the complete line in this table.
After searching my other WordPress databases, which returned no results, I tried having my websites checked by Host Europe again.
YES, my blog is reachable again after 8 hours.
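
The database search described above can also be scripted. The following is an added example, not code from the original post: it scans a `wp_options` table for `<script>` tags that are inline or load from a host other than the site's own. The rows, option names and host names are constructed, and an in-memory SQLite table stands in for the MySQL database.

```python
import re
import sqlite3
from urllib.parse import urlparse

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)  # opening tag + attributes
SRC_ATTR = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def scan_options(conn, own_hosts):
    """Return (option_id, option_name, reason) for rows with suspicious script tags."""
    findings = []
    query = ("SELECT option_id, option_name, option_value FROM wp_options "
             "WHERE option_value LIKE '%<script%' ORDER BY option_id")
    for option_id, name, value in conn.execute(query):
        for attrs in SCRIPT_TAG.findall(value):
            src = SRC_ATTR.search(attrs)
            if src is None:
                findings.append((option_id, name, "inline script"))
                continue
            host = urlparse(src.group(1)).hostname
            # Relative URLs have no host and are served by the site itself.
            if host and host.lower() not in own_hosts:
                findings.append((option_id, name, f"external script from {host}"))
    return findings


def build_sample_db():
    """Constructed rows standing in for a real wp_options table (not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_options (option_id INTEGER PRIMARY KEY, "
                 "option_name TEXT, option_value TEXT)")
    conn.executemany("INSERT INTO wp_options VALUES (?, ?, ?)", [
        (1, "siteurl", "https://www.example.org"),
        (2, "widget_text", '<script src="https://www.example.org/js/menu.js"></script>'),
        (3, "plugin_setting_a", '<script src="https://cdn.attacker.example/x.js"></script>'),
        (4, "plugin_setting_b", "<SCRIPT>/* constructed inline payload */</SCRIPT>"),
    ])
    return conn


if __name__ == "__main__":
    for finding in scan_options(build_sample_db(), {"www.example.org"}):
        print(finding)
```

Every hit still needs a manual look before deleting anything, since some plugins and themes legitimately store script snippets in `wp_options`.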

Conclusion: keep your WordPress plugins up to date!
