I tried opening the home page of my website (this website) today and my Avast Mac Security Web Shield wouldn’t let through due to a JS:Injection-I [Trj]. Basically a trojan had been injected onto my website. After further research, I decided to try and find the infected files.
I pulled a risky move by downloading a backup of the entire site onto my computer and letting Avast catch/quarantine the infected files in it’s Virus Chest. After doing so, it told me which three files had been infected – all header.php files from each of the three default WordPress themes: Twentyfourteen, Twentyfifteen, and Twentysixteen.
After deleting these files from both my computer and my web server (without opening them), I did a quick search on GitHub for the original theme header.php files for each of the themes. I then copied and pasted them over to new files, saved them in the backup and uploaded them to the server.
I reloaded my website’s home page and now have a healthy site where Avast gives the thumbs up.
Tools/Skills Used: Internet Research/Google, Avast Mac Security, FileZilla FTP, Atom/GitHub Text Editor
Do you have a WordPress problem?
If venturing into the deep parts of your website is intimidating, don’t hesitate to contact me. There are two ways I can help you: I can do it for you OR I can teach you how to do it. Either way, it resolves your WordPress problem faster.