Malware update –,,etc

We will be posting some quick malware updates on our blog from now on. If your WordPress site got hacked with malware from any of these domains:

In addition to remove the malicious code from the database (wp-posts table), you also need to remove an admin user that was added as part of this attack. It can have many names: JordanK, JoshuaH, MikeM, BettyJ, etc.

The way to identify the malicious user name is that his password will be set to $P$BWrPjMxeckS8Qjhhd.3CqhhpM5c5G3/ and the creation date will be set to 0000-00-00 00:00:00.

The following SQL will fix it up:

delete from wp_users where user_pass = ‘$P$BWrPjMxeckS8Qjhhd.3CqhhpM5c5G3/’ AND user_registered = ‘0000-00-00 00:00:00’;

We will be posting more details as we get them.

If your site is hacked and you need help, visit to learn about our malware removal and monitoring plans.

1 comment

Comments are closed.

You May Also Like