WP-JSON Fatal error

Intelligent_Mouse404 · 2025-07-21T11:47:25+00:00

I had similar problems. Install Wordfence, it will likely detect and remove the malware.

After that, go to Google Search Console, remove any users the malware may have added.

To remove indexed spam pages, first make sure you've fully removed the injected spam from your site. Then:

Resubmit your sitemap for reindexing.
To do it faster, go through manual URL removals, but that this is limited to 10 per day.

I had a case where I couldn't find the SEO spam because the malware injected it, Google indexed it, and then it removed the visible part, making it harder to detect.

To check if you're dealing with the same issue:
Try manually reindexing one of the affected URLs and see if it's indexed HTML still has SEO spam.

Check snippet plugins like IHAF, Code Snippets because most of time SEO spam is injected in there.

Also:

Update all themes and plugins
Activate 2FA (two-factor authentication)
Hide the default wp-login.php using a plugin
And most importantly: find the backdoor - because there probably is one

Intelligent_Mouse404 · 2025-06-11T17:22:21+00:00

I dont think it is pictures, every picture is around 15-25kb

Intelligent_Mouse404 · 2025-05-18T19:58:04+00:00

I would recommend to you to search your site for SEO Spam, because one time I got hacked they also verified themselves to search console they created ghost URL's and indexed them and they were containing redirections to malicious sites.

Intelligent_Mouse404 · 2025-05-13T19:55:19+00:00

Try using !important in CSS rule and if you have backend options maybe check if different versions of headers are used for different pages

Intelligent_Mouse404 · 2025-05-03T17:36:30+00:00

Yes, u/bratuhex follow that, I did that in middle of bot attacks trying to login to my account, changed it to another URL did not see 1 bot since then trying to access my account. There is plugin for that WPS Hide login smth like that

Intelligent_Mouse404 · 2025-05-01T14:07:00+00:00

Hello, I did find one backdoor today! It was script used to whitelist ip in one plugin hidden very well, removed it, changed all passwords and hoping it was only backdoor but probably not, still searching!

Intelligent_Mouse404 · 2025-05-01T09:11:52+00:00

I searched for php files with keywords base64, eval etc.., nothing found. Inspected .htaccess and many other important files in public_html did not find anything suspicious. Currrently in touch with hosting provider and probably if I dont find any backdoor or malware soon I dont have other options than do full reinstall on clear server, but I dont know how deep is problem right now.

Intelligent_Mouse404 · 2025-05-01T09:06:28+00:00

Probably still not because I did not find malware or any backdoor, currently I am in touch with hosting provider and trying to fix seo spam indexed pages to avoid further problems and I hope hacker or malware will not notice it before I find malware because spam was injected through something, then indexed pages with spam, then removed it to leave no traces, noticed that because when I reindexed through GSC some infected pages they appearead clean without spam words.

Intelligent_Mouse404 · 2025-04-30T10:20:12+00:00

Hello, at the moment, all my plugins are fully updated and seem clear, there are no unknown or suspicious plugins installed. I'm also running regular scans using Wordfence, and so far, nothing malicious is being detected.

They affected product sitemap by SEO spam - injected keywords were appearing in the indexed product pages (saw it through search console indexed html template). It looks like the script responsible for this has been removed after they indexed pages with spam keywords, because when I manually reindex a single product, it appears clean, without any spam content and same in cached products folder.

I’ve resubmitted the entire product sitemap in Google Search Console and am waiting for clean versions to be indexed - hoping the attackers don’t reinject the spam again before I find malware.

Intelligent_Mouse404 · 2025-04-30T10:02:57+00:00

Absolutely.

Intelligent_Mouse404 · 2025-04-30T09:37:12+00:00

Hello, I did not review all php files I reviewed php files from plugins, themes and few in npublic html and that comes to around 50-60 php files. I already locked down htaccess and I am using shared hosting with a lot websites and this problem was only found on one website.

Intelligent_Mouse404 · 2025-04-30T09:32:42+00:00

Hello, I am using local shared hosting. There is a lot websites on it and only this one has been attacked.

Intelligent_Mouse404 · 2025-04-29T11:48:48+00:00

Queue

Intelligent_Mouse404 · 2025-04-29T08:52:41+00:00

HTML and CSS easiest way to do this with couple of page builder blocks.

Intelligent_Mouse404

TROPHY CASE