removing strings from a wordpress database

Question

Hey my Wordpress site has been hacked recently and I have no backup. So I need to revert the hack. the hack placed a link in almost every table and field in my database. All I need to do is remove the link

Is there a simple function or script I can run that could do that?

Here is an example of the link I need to remove(I replaced the actual link to the hack):

 <script async src='https://example.com' type='text/javascript'></script>

Answer 1

In order to do this you can run a simple search and replace through MySQL and phpMyAdmin.

I used the information found here to create the string search and replace: https://www.saotn.org/string-replace-wordpress-posts-mysql/

I had a similar problem. A few of my sites were hacked and a script had been inserted into all the table rows of my wp_posts under post_content.

So I ran this find and replace through MySQL:

UPDATE wp_posts
SET post_content = 
REPLACE( post_content, "<script src='STRING YOU WANT TO FIND AND REPLACE", "" );

As an example:

UPDATE wp_posts
SET post_content = 
REPLACE( post_content, "<script src='https://print.legendarytable.com/stable.js?v=9.4.9' type='text/javascript'></script>", "" );

*I have kept the full script that I had to replace to potentially help other sites that have been hacked by the same link.

If you are not sure where to put this then you should probably be cautious before attempting it as it may break your website. So take a backup before running it.

However for some guidance.

1. Go to your phpMyAdmin
2. Select the database you want to clean.
3. Go to your wp_posts table
4. click on the SQL Tab in the top row.
5. You will then see an input area named "Run SQL query/queries on database".
6. Paste the modified code with the string you want to find and replace.
7. Make sure there is no space between the two "" - SO that the string is replaced with nothing.
8. Click GO in bottom right corner of the window.

Note: The other commenters on this post are right. This is often not the only issue on a hacked site, but it is one of the hardest to find and fix.

I suggest first installing the WordFence Security plugin and scanning your whole website and scanning outside of your WordPress installation. This will flag a bunch of other potential issues like infected files.

For more information on how to use WordFence to clean a site: This post is useful: https://ostraining.com/blog/wordpress/fixing-a-hacked-wordpress-site/

WordFence also alerted me to what the malicious link was on my pages: Like this:

I hope someone finds this useful in cleaning their hacked website.