Your website redirects you to a malicious or fraud resource? And automatic tools can’t fix that? Well, it looks you need to check website database tables.

This is the short guide about how to remove malicious redirect from WordPress website database. Manually. And first, please, make a backup for your website database 🙂 So, lets start!

1. Check siteurl & home values of wp_options table (wp_ – table prefix may be different). You can use phpMyAdmin (if it installed on your server) or Adminer.

2. Check wp_posts table. If a malicious script exists – use the SQL command:

It removes all malicious scripts from the entire wp_posts table.

3. Then, we recommend you to use search and check tables for malicious URL again:

malicious-script-url.com

4. And on top of that, search and check all scripts in your database:

<script

5. After database cleanup, we recommend you to change passwords for all administrators and also remove the administrators generated by malware.

This guide prepared by Andrew Kutuzov / Virusdie senior security expert.

Join our private Facebook group to get help from other security experts, and share your own web security experiences and expertise. Group members receive exclusive news and offers. They can also communicate directly with the Virusdie team. Join us on Facebook.