Created
March 1, 2018 21:25
How to Efficiently Clean Hidden Link Injections in Your Hacked WordPress Sites - https://managewp.com/blog/clean-link-injections-hacked-websites
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
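<?php
/**
 * One-off cleanup for hidden link injections in WordPress post content.
 *
 * Selects posts whose content contains "display: none", then either lists
 * their IDs (preview mode) or removes every match of $pattern from the
 * content and writes the result back with $wpdb->update().
 *
 * Run in preview mode first and back up the database before cleaning: the
 * write goes straight to the posts table. "display: none" also occurs in
 * legitimate markup, so the LIKE filter only nominates candidates; $pattern
 * alone decides what is removed. Removing the links does not address how
 * they were injected.
 */

// By default only preview infected posts. Change to 0 to clean posts.
$preview_only = 1;

// Pattern whose matches are replaced with an empty string.
// PLACEHOLDER: the original expression did not survive the rendering of this
// page. Write one that matches the injected markup actually found in the
// previewed posts, and type it by hand: the hosting page flagged the original
// file as containing hidden or bidirectional Unicode characters.
$pattern = '';

// Declared before first use so the script also works when it is included
// from inside a function rather than at global scope.
global $wpdb;

// NOTE(review): the beginning of this statement was lost as well. The column
// list and table are reconstructed from what the loop below reads (ID,
// post_content) and updates ($wpdb->posts) -- confirm against the article.
$query = "SELECT ID, post_content FROM {$wpdb->posts} WHERE post_content LIKE '%display: none%'";

// Cleaning with no pattern cannot remove anything and makes preg_replace()
// fail on every post, so fall back to a preview instead.
if (!$preview_only && '' === $pattern) {
    echo "No pattern set, previewing only. ";
    $preview_only = 1;
}

$num_cleaned = 0;

$posts = $wpdb->get_results($query);
if (!is_array($posts)) {
    // get_results() yields null when the query fails; count() and foreach
    // below need an array.
    $posts = [];
}

echo "Suspicious: " . count($posts) . " ";
if ($preview_only) {
    echo "Post IDs: ";
}

// Go through all suspicious posts.
foreach ($posts as $post) {
    if ($preview_only) {
        echo $post->ID . " ";
        continue;
    }

    $new_content = preg_replace($pattern, '', $post->post_content);

    // preg_replace() returns null on a PCRE error (invalid pattern, backtrack
    // limit on a long post). A loose comparison would treat null as "changed"
    // and overwrite the post with nothing, so skip and report it instead.
    if (null === $new_content) {
        echo "Skipped (regex error): " . $post->ID . " ";
        continue;
    }

    // Nothing matched: leave the row untouched.
    if ($new_content === $post->post_content) {
        continue;
    }

    $updated = $wpdb->update(
        $wpdb->posts,
        ['post_content' => $new_content],
        ['ID' => $post->ID]
    );

    // update() returns false on a database error; count only real writes.
    if (false !== $updated) {
        $num_cleaned++;
    }
}

if (!$preview_only) {
    echo "Cleaned: $num_cleaned";
}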