malware infected

When a site is blocked, or is shown as a reported attack site when browsed, and it is a WordPress site, the following steps will help.



1. Update all the plugins and themes installed to the latest version. You will need to remove the older versions first.


2. Make sure none of the themes or plugins use the old version of Timthumb. Additionally, clean any Timthumb cache directory if present.


3. Then upgrade the entire WordPress installation even if it's already updated. This is required as it will replace all the files with new and clean ones.


4. The next important step is to search for any file under the installation that contains base64_decode wrapped in an eval() statement, or URL-encoded data. We will be able to help you if you are not sure. If you have SSH access enabled, you can check it using:

grep -r base64_decode *

The above command may come up with some false positives too, but it is a good way to start.

You can also look for any hexadecimal code inserted into your JavaScript files using:

grep -rP "(?:\\\\x[A-F0-9]{2}){5}" *

It may also have some false positives like class-simplepie.php.


5. Make sure that you don't have any world-writable directories with 777 permissions.


6. Once this has been taken care of, you can request a review at Google Webmaster Tools at . You will need to register there first. This will be useful


7. This process may normally take 24 hours once you submit it for review.
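
The checks from steps 4 and 5 can be combined into one read-only script. This is an added example, not part of the original post: the function names are made up for illustration, and the eval() pattern, the lowercase hex matching and the "writable by other" test go slightly beyond the two grep commands above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: sh wp_triage.sh /path/to/wordpress
# Function names are illustrative. Nothing here modifies the site.

# Step 4a: PHP files where base64_decode is wrapped directly in eval().
# Narrower than "grep -r base64_decode *", so fewer false positives.
# grep exits 1 when nothing matches; that is not an error here.
find_eval_base64() {
    find "$1" -type f -name '*.php' \
        -exec grep -lE 'eval[[:space:]]*\([[:space:]]*base64_decode' {} + || true
}

# Step 4b: JS/PHP files containing a run of five or more \xNN escapes.
# Unlike the pattern in the post, this also matches lowercase hex digits.
find_hex_runs() {
    find "$1" -type f \( -name '*.js' -o -name '*.php' \) \
        -exec grep -lE '(\\x[0-9A-Fa-f]{2}){5}' {} + || true
}

# Step 5: directories writable by "other", which includes mode 777.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 || true
}

triage() {
    echo "== eval(base64_decode(...)) in PHP files =="
    find_eval_base64 "$1"
    echo "== hex-escape runs in JS/PHP files =="
    find_hex_runs "$1"
    echo "== world-writable directories =="
    find_world_writable_dirs "$1"
}

# Run only when a path is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

Every hit still needs a manual look: libraries such as class-simplepie.php will show up in the hex-escape list, as noted in step 4.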
