There is a nasty WordPress hack that occurred over the past day caused by an Elementor Pro vulnerability. If you happen to experience this hack this guide might be helpful.
What this Elementor Hack does
Ultimately this is a database hack that injects a URL – we’ve seen this type of URL on a few of our websites this morning “https://away.trackersline.com/do.js?l=1#”. That will redirect your website away to that URL and then do whatever lame thing it’s going to do to waste our time this morning 🙂
Getting rid of the Elementor hack
- You can roll your website back a day or two if that’s possible – which should remove the hack.
- If you have access to PHPMyAdmin or some other database tools you can run a search in your database for the file name “away.tracker” – it’ll find that likely in a few places.
- In wp_options – they just replaced your site_url with that URl – if you can just replace with yours and save it that’s the step 1 fix.
- In wp_postmeta – this is the Elementor portion that’s a bit of a pain. You’ll want to find the URL in your DB – usually in places where you’re using images in your posts. Once you find them you need to replace every instance of it with your own URL
- We copied the entire contents of the cells over to Sublime text or whatever editor you use and did a find/replace there.
- You could of course do a find/replace using the WP CLI or straight through Command Line.
That’s pretty much what we’ve figured out at this time. If you’re struggling feel free to hit us up on our contact form and we’ll be happy to take a look for you. Usually having solid hosting, good security, and a backup plan can help you avoid these kinds of things, but there are always annoying little hacks that find their way through.
Hope this saves somebody a little time.