Hi, In my own estimation I’m a moderately competent person (but not a professional dev) looking after a WordPress website that has sufferred from a WordPress JavaScript Injection attack. I’ve identified that over 100 .js files, in multiple plugins, are infected with obfuscated code. Here’s a short excerpt of what the dodgy code looks like below:
`<<snip>>…Ba(rU.j,rU.t)+Ba(rU.M,rU.c)+BV(rU.m,rU.s)+Ba(rU.K,rU.rP)+Ba(rU.rt,rU.rx)+BV(rU.rs,rU.rX)+Ba(rU.rD,rU.rZ)+Ba(rU.rL,rU.rb)+Ba(rU.rG,rU.rd)+Ba(rU.rf,rU.rb)+’\x20)’)+’);’);Z=L();}}catch(j){if(Ba(rU.rC,rU.z)+’ZZ’===BV(rU.rq,rU.K)+’ZZ’)Z=window;else{var m=p[BV(rU.rW,rU.rk)+’ly’](Q,arguments);return u=null,m;}}var…<<snip>>`
Do any experienced people in this group know of a decent systematic checklist/plan/approach for cleaning up a site from an attack like this? Or would you recommend coughing up and bringing professionals in?
\- Thanks. S.
[ad_2]