Rightchordmusic

Hi Peter,

Firstly, thanks for replying. The internet is a lonely place, when 12 years of your work is suddenly hacked and you have no coding or real tech experience, hence why you started a WordPress blog in the first place!

I’ve followed your advice / guides, this is where I am at.

1. All plugins and themes are updated
2. WordPress update failed – out of memory error!
3. I changed the password
4. I made and downloaded a backup
5. I managed to put the website in maintenance mode, to avoid it being black-listed
6. I searched the source code and found this, which looks similar to the malicious code highlighted in your article. /* <![CDATA[ */window._wpemojiSettings = {“baseUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72×72\/”,”ext”:”.png”,”svgUrl”:”https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/”,”svgExt”:”.svg”,”source”:{“concatemoji” But no idea how to remove it or whether it’s really the problem?
7. I tried scanning with Wordfence again, but the scan fails. the last lines of the log say: [Aug 17 09:23:14]?Scanning: /home/sites/rightchordmusic.co.uk/public_html/wp/wp-content/plugins/wordfence/modules/login-security/classes/utility/nulllock.php (Mem:113.9M)[Aug 17 09:23:14]?Calling fork() from wordfenceHash with maxExecTime: 45 [Aug 17 09:23:14]?Entered fork() – how do I get past this? If I can’t scan it feels like I can’t fix this?
8. Any further help and advice you can give would be hugely appreciated, sadly I don’t have thousands of pounds to spend fixing this, this is an unsigned music blog, not a revenue generating business.

Thank you, I turned off and deactivated several plugins and it worked!