I have a WordPress website that was hacked. The hacker inserted hidden HTML in my posts (wp_posts table) using this HTML pattern:
<div style="overflow:hidden;height:1px;">
<p>Text here, always different</p>
<p>More text....</p>
</div>
Is it possible to locate in the DB everything that starts with <div style="overflow:hidden;height:1px;"> and ends in the next </div> and then remove these entries from the DB?
Note: I have access to phpMyAdmin.
I really appreciate any help you can provide.
CodePudding user response:
You could start by selecting every column that has that div in it
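-- table_name and column1..column3 are placeholders for the real names
SELECT *
FROM table_name
WHERE column1 LIKE '%<div style="overflow:hidden;height:1px;">%'
   OR column2 LIKE '%<div style="overflow:hidden;height:1px;">%'
   OR column3 LIKE '%<div style="overflow:hidden;height:1px;">%';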
If that brings up everything
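-- Deletes every row where any of the columns contains the div
DELETE FROM table_name WHERE column1 LIKE '%<div style="overflow:hidden;height:1px;">%' OR column2 LIKE '%<div style="overflow:hidden;height:1px;">%' OR column3 LIKE '%<div style="overflow:hidden;height:1px;">%';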
CodePudding user response:
I assume you meant remove the offending code block from each post, and not "remove these entries from the DB".
Important
- This approach will only work when there are no other divs nested within the one described.
- Make sure you have a useable backup before going any further.
SELECT
    id,
    post_content,
    REPLACE(
        post_content,
        CONCAT(SUBSTRING_INDEX(SUBSTRING(post_content, INSTR(post_content, '<div style="overflow:hidden;height:1px;">')), '</div>', 1), '</div>'),
        ''
    ) cleaned
FROM wp_posts
WHERE post_content LIKE '%<div style="overflow:hidden;height:1px;">%</div>%';
Do a thorough check on the results to make sure you are happy with the transformation from post_content to cleaned. If all looks good, take a backup of wp_posts, and do the update -
UPDATE wp_posts
SET post_content = REPLACE(
    post_content,
    CONCAT(SUBSTRING_INDEX(SUBSTRING(post_content, INSTR(post_content, '<div style="overflow:hidden;height:1px;">')), '</div>', 1), '</div>'),
    ''
)
WHERE post_content LIKE '%<div style="overflow:hidden;height:1px;">%</div>%';
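An added example, not part of either answer: a Python dry run over exported (id, post_content) pairs that removes every injected block in a post rather than only the first, and counts <div> depth so a nested div does not cut the match short. The function names, the whitespace tolerance in the opening tag and the sample rows are assumptions made for illustration.

```python
import re

# Opening tag as quoted in the question; the tolerance for extra whitespace
# is an assumption, the page only shows the exact string.
OPEN_RE = re.compile(
    r'<div\s+style="overflow:\s*hidden;\s*height:\s*1px;?\s*">', re.IGNORECASE)
DIV_TAG_RE = re.compile(r'<(/?)div\b[^>]*>', re.IGNORECASE)

def strip_hidden_blocks(html):
    """Return (cleaned, blocks_removed, unbalanced) for one post_content value.

    Tracks <div> depth so a nested div does not end the block early.
    """
    out, pos, removed = [], 0, 0
    while True:
        start = OPEN_RE.search(html, pos)
        if start is None:
            out.append(html[pos:])
            return "".join(out), removed, False
        depth, end = 1, None
        for tag in DIV_TAG_RE.finditer(html, start.end()):
            depth += -1 if tag.group(1) else 1
            if depth == 0:
                end = tag.end()
                break
        if end is None:
            # No matching </div>: keep the remainder and flag for manual review.
            out.append(html[pos:])
            return "".join(out), removed, True
        out.append(html[pos:start.start()])
        pos, removed = end, removed + 1

def dry_run(rows):
    """Map id -> (cleaned, removed, unbalanced) for affected rows; writes nothing."""
    report = {}
    for post_id, content in rows:
        result = strip_hidden_blocks(content)
        if result[1] or result[2]:
            report[post_id] = result
    return report

# Constructed sample rows (id, post_content); not data from the page.
SAMPLE_ROWS = [
    (1, 'Intro<div style="overflow:hidden;height:1px;"><p>a</p></div> mid '
        '<div style="overflow:hidden;height:1px;"><p>b</p><div>x</div></div>End'),
    (2, '<div class="wrap">Clean post</div>'),
    (3, 'Text<div style="overflow:hidden;height:1px;"><p>cut off'),
]
```

Review the report from dry_run before writing anything back, and handle rows flagged as unbalanced by hand.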