VickeyWilliams

Sorry you all got hit with this redirect. Such a pain to get rid of it. I forgot to upgrade WordPress etc. on one site on my account and it ended up infecting all 6 sites. It’s been 2 weeks now and I may have solved the problem.

I did the following after deleting the obvious js code in the header.php file.

1. Updated everything wordpress/themes/plugins
2. Changed passwords and user names, ON EVERYTHING!!! I don’t use admin as a user name any longer.
3. Got rid of all plugins and themes I wasn’t using. Though I like to keep one default wordpress theme, but it needs to be updated also.
4. Installed Wordfence, it did discover some code with a “GLOBAL” line in it on other pages, not sure it was related but I deleted those files and any files Wordfence called out. That line was in a contact form plugin and older themes if I recall. Sorry didn’t keep that line of code.
5. I also started logging in from another browser thinking Safari may have been a problem.
6. I did sign up for Sitelock through my host and elected to go for the version that fixes problems. I set this up on one account.

I monitor my sites with wordfence now and have Sitelock on the main one.

Free from this hack now for a week, keeping my fingers crossed that it’s gone.

You may want to review this link I found helpful.

https://www.malwareremovalservice.com/wordpress-header-php-var-a1aqapkrv02vrg-injection/