UXDE dot Net

How to Get rid of base64 Virus on WordPress


Yesterday, I logged into the Dashboard of my WordPress account and was shocked to see everything messed up. I didn’t know the reason, because I had not made any changes to the theme or the core files for the last week. After some investigation I saw a script in the page source, something like: http://kdjkfjskdfjlskdjf.com/js.php, and sometimes the dashboard was being redirected to Bing with the search query “Free Virus Scan”. I checked the theme files of the blog, and there were some 100-150 lines of malicious code injected into each and every page of the blog. I started Googling for a solution and came to know that 200+ WordPress blogs were attacked on 14th April, 2010. I found a solution for how to clean this base64 virus for GoDaddy users, but after executing that code I could still find traces of the malicious code. I wrote a quick mail to Amit Agarwal of labnol and Amit of AmitBhawani; both of them suggested installing a clean copy of the core files.

Before performing this action: I recommend that you download each and every file to your PC.

So I finally decided to reinstall the whole blog. I checked the database, and the database was unaffected. I started by backing up the database, because if anything goes wrong, the data will be safe and can be retrieved at any time. You can use a plugin or you can perform a backup directly from cPanel. I recommend doing both. Download the images folder to your PC with your FTP client (I use FileZilla). I downloaded the posts, pages, comments, custom fields, categories, and tags by using the Export option in the Tools menu. Then save the list of plugins in a Notepad file. Save your theme widgets and your theme files so that they can be restored after reinstalling the blog, as it is easy to remove the code from the theme files.

Then I started the uninstall process for the WordPress application. It will ask to delete the database, but don’t delete the database now. After the uninstall process is completed, check your web server for any files or folders; if anything is left which you didn’t upload, just delete it. FOR GODADDY USERS: DO NOT DELETE THE STATS FOLDER.

Now install the fresh WordPress application. Up to that point everything had gone fine. Then I logged into the dashboard and started the import process via Tools > Import > WordPress. All the posts, pages, comments, custom fields, categories, and tags were imported successfully. Then I uploaded the images to the web server. Then I uploaded the theme files. Make sure you remove all the malicious code in every file. After installing the theme, I started uploading plugins. You must download the plugins freshly and upload them through your FTP client to your plugins folder; by default it is wp-content/plugins.
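A check for the theme cleanup step above, added here as an example and not code from the original post: it scans a downloaded copy of the theme for leftover injections before you upload it again. It assumes the injected code has the common `eval(base64_decode("..."))` form, which the post does not show; `scan_text`, `scan_tree` and the sample strings are hypothetical names and constructed data.

```python
import base64
import re
import sys
from pathlib import Path

# Assumed signature (not shown on the page): eval() around base64_decode() of a
# long string literal, optionally wrapped in gzinflate/gzuncompress/str_rot13.
INJECT_RE = re.compile(
    r"eval\s*\(\s*(?:(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*"
    r"base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]{40,})\1",
    re.IGNORECASE,
)

# Constructed, harmless sample data so the block runs offline.
SAMPLE_BLOB = base64.b64encode(b"/* constructed harmless sample, not real malware */").decode()
INFECTED = '<?php /**/ eval(base64_decode("' + SAMPLE_BLOB + '")); ?>\n<?php get_header(); ?>\n'
# A plain base64_decode() call without eval() is legitimate and must not be flagged.
CLEAN = "<?php get_header(); ?>\n<?php $raw = base64_decode($stored); ?>\n"


def scan_text(text):
    """Return [(line_number, encoded_length)] for each suspected injection."""
    return [
        (text.count("\n", 0, m.start()) + 1, len(m.group(2)))
        for m in INJECT_RE.finditer(text)
    ]


def scan_tree(root):
    """Scan every .php file under root; return {relative_path: hits} for flagged files."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python scan_theme.py path/to/downloaded/theme
        for name, hits in scan_tree(sys.argv[1]).items():
            for line, size in hits:
                print(f"{name}:{line}: eval(base64_decode(...)) with {size} encoded chars")
    else:
        print("infected sample:", scan_text(INFECTED))
        print("clean sample:", scan_text(CLEAN))
```

An empty result only means this one pattern is absent; injections written in another form will not be reported.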

You can also upload them using the plugin uploader in your dashboard, but it is a painful and time-consuming process. So, I recommend uploading through your FTP client. After completing the upload process, go to Plugins > Installed, then select all the plugins and click on Activate from the checklist. Your WordPress blog is ready with a new life. I did it this way because I get all new files without any malfunctioning scripts. The whole process took about 1.5 hours.

Don’t forget to generate a VERY strong password this time for the FTP server as well as the admin panel.

UPDATE: If you have any problem doing this, Contact me at: sandeep [@] gadgetcage [.] com. I’m ready to help you 🙂


9 Comments to How to Get rid of base64 Virus on WordPress

  1. Nice article @sandeep. WordPress is a secure one by default. The problem starts when we start using plugins and themes downloaded from some unknown websites. When people stop their development of a plugin or a theme, then it's very tough to get any patches or updates.

    Even though it's a plugin to provide security, keep it updated!

    Cheers !

    Robin
    DailyTUT