cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WordPress redirect hack

Hello,

 

My WordPress site was hacked with site redirect malware.  I have completely wiped WordPress and the database from the site and installed a fresh copy of WordPress. Several different scans report that the site is clean.

 

Before I started to restore my content, I poked around to make sure it was clean.  All was well until I accessed the site from a browser that blocks cookies.  When I clicked anywhere on the site, I got a redirect to a baidu spam link.

 

I then checked out the site code, and I found out why:

wp-malware.png

This code checks for a specific cookie.  If it is not there, it sets up a click event listener that opens a new window with a baidu spam link. 

 

I've gone through every single file that I have access to on my server.  There is no code that matches.  I also checked for blocks of base64 encoded stuff and as near as I can tell, there is also no block of hashed code that could render into.  With a completely clean install, this tells me that the hack may have infected a script or an install on my Linux host that I'm not able to see.  

 

Anyone have any ideas for me?