i am using a wordpress site, and i found a malware script, whenever i try to save page and click on text panel in WYSIWYG, a malware javascript tag is automatically added to the page. here is the script that is automatically added.
i tried to remove the src file by the following code. but it didn't work, The script executes last before the closing of body tag. I tried using this script, but the malware script loads after all javascript loaded. here is my code.
$("script[src='http://cracks4free.info/5/adds.js']").remove()
I need to remove this code, or prevent this code from executing through javasript, jquery, ajax anything.. Just want to get rid of this. Thanks
解决方案
If your server has been compromised you need to rebuild it:
Export your existing content
Rebuild the box with an up to date wordpress version
Import your content
Regularly apply security updates
Trying to use javascript to clean up the content is not a solution. You've got a compromised Wordpress installation and it's a matter of time before some other script-kiddy adds their own personal touches, or something worse happens.