We have seen this one a few times coming from WordPress but we have also seen it in Google Analytics code or simply in a header.php file. HotOpponents is a simple redirect script but really digs down and makes roots for itself throughout your website files and database. Here’s how we got rid of it in WordPress. Of course, you can always call us and we can clean this for you!
If you’re on a shared server, ask us about dedicated server support: we get you on a super-secure dedicated server for about the same cost as an insecure, slow, shared server (most common setup).
- Locate your wp-config.php file and note the database name.
- Open PHPMyAdmin and locate the database.
- Open SQL Statements and insert the following
Remember to replace your table prefix here with the one in your database.
Also, take notice of the GET variables in the URL, sometimes the tp=2 is different. We’ve seen zzz=3 and jp=88
- That should remove the hotopponents script from your database.
- Replace ALL wordpress files with a clean version
- Next, log in via FTP and quarantine your plugins and theme files.
- download all files and search for malware manually – in obvious spots – header.php, index, etc…
- Scan your site with https://sitecheck.sucuri.net/
- Remove any malware. Many times it’s just better to flush plugins and reinstall them all, then just overwrite your theme files with the latest version or a backup.
- Download and install WordFence and do a site scan
- Finally, update all your passwords (account, (S)FTP, WordPress)
- Backup your site.
Nasty little hack/redirect script from some ridiculously infantile folks.