This is a NASTY NASTY NASTY WordPress infection that has been running very wild these past few weeks and infected tons of WordPress sites. Oh by the way, did we say that this TrafficTrade or DanceWithme.biz WordPress Infection is NASTY? What makes this type of infection a bit different than the others is that the script below infects itself into your WordPress database and or theme files and passes many of the infection scanning software out there.
This type of TrafficTrade WordPress Infection will also lead your site to being blacklisted from search engines. This means that when someone tries to visit your site, they will see a massive warning telling them that it is not safe. Like we said, NASTY right?
Here are some pointers as to how you can identify this exist on your site and remove it.
1. Run A Website Infection Scan
Scan site URL at any of the online malware scanners below
Use a WordPress plugin to scan site or server for malicious code.
Below is our 2 favorite infection scanner plugins.Anti-Malware will scan your website for malware and automatically remove any known threats. The plugin can also harden your wp-login.php page to stop brute force attacks. https://wordpress.org/plugins/gotmlsWordfence Security is one of the most popular security plugins available for WordPress. The plugin can scan your website core files, theme files, and plugin files, against known threats. https://wordpress.org/plugins/wordfence
Often overlooked for any WordPress issue is to ask your host to investigate.
That is what they are there for. To support your site. You can contact them and ask them to run a scan on your server for any malicious files or code.
2. Remove Infection Script From Site
The goal here is to track down where the script we mentioned above exists and them remove all traces of it. The scanning we did in the previous step will likely show you what files on your site have this script but it will not show you where in the database it remains.
Run Search and Replace Using a Plugin
Our favorite search and replace plugin is Better Search Replace. Install and active this plugin to search and replace database content. You would simply run a search for the script above and replace it with an empty filed. See image below.
Run Search and Replace Using a SQL Query
To do this, you will need phpMyAdmin access. This access allows you entry to edit the database that your WordPress site runs on. Once you have this you will run the SQL Query below which will search the entire database for the bad script and remove it.
If you are using a caching plugin, make sure you clear your cache to ensure that your site is loading the content after you completed your removal of the bad script.
See a detailed post on how this type of WordPress infection happens at the link below.