The process of editing and deleting hackers files can be very difficult so constantly searching for updates is crucial. It doesn’t occur on a regular basis but looking at updates is necessary at least once a week. Create a folder, fill it up with useful links and keep it handy. At the end of the post i will place useful sites to bookmark. If you read Part One then this process will be considerably stress free. Your Blog should be well protected from any more attacks now but there are many folders to search through, many files to be edited and many files to be deleted. If you were infected after scanning your Blog, the results should indicate where the problems are. But even after you fix those obvious hacks there will be more work to be done. This exactly happened to me and it probably will be the case for you. I certainly hope it didn’t for you but the odds are against you and most people who are using Also remember and as I reported in Part One, This vulnerability has nothing to do with at all. I also want to take the time now to express something to the readers here. These posts here are about the experience I had and the steps I took. And because, after searching throughout the internet, I am certainly not alone. Many have been infected since the beginning of August and are experiencing the exact problems.

Step 7. After searching around this article helped me the most:

A few days ago a new PhpRemoteView hack, a malicious JavaScript loading from, attacked many WordPress website, including some of mine. There are already a few discussions on this topic and it was a pretty difficult to find a reliable source how to get rid of this problem, but a few websites like and introduce interesting solutions, which I combined together and first tested on my sites, before wraining this article (it worked on my WP blogs btw:)

Generally, the JavaScript
'<script language="javascript".............
redirects visitors that were going to the WordPress site to fake search engines full of ads. To check if you have it (except the obvious- redirection:), try to find a similar chunk of code on your homepage (it should appear just at the end of the html code, behind the closing body tag:

'<script language="javascript".........

It is caused by a security vulnerability in timthumb.php (also known as tumb.php), which is is a free PHP script that resizes images used by many WP themes developers. Many great WP themes use that script including Elegant Themes, so if you haven’t updated your theme during the last 5 days, your website is probably infected by it! Here is a step by step solution…Learn More

Step 8. Checkout other Bloggers and Forums discussing the situation because they are in real-time and as important:


1. WordPress SQL Injection – Latest Attack

2. PhpRemoteView hack: How to Remove it 

3. Removing PHPRemoteView hack attack from your WordPress


If there are more useful links, I will post them here. Throughout these two parts I have posted other links. Make sure you bookmark them also. Be careful and good luck!

Share →

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.