How to remove scripts in posts from an sql injection attack?

Question

I had a plugin that made my Wordpress site vulnerable to SQL injection attack. I\'ve since locked down my site and removed all Wordpress files then reinstalled Wordpress. Th

Answer 1

Just wanted to add to this thread as I found it helpful but with a bit of difference from the posted answer.

The main thing is that the attack in my wordpress database was tacked onto the end of many, many, many wp_posts. So, I didn't need to reattach two strings, just trim from the end.

Not sure this is the best version, but here's what worked for me (after testing it out with SELECT) and cleared nearly 3,000 posts of the offending code doing so:

UPDATE wp_posts SET post_content =
 SUBSTRING(post_content, 1, LOCATE('', post_content)-1)
 WHERE LOCATE('', post_content) >0;

Thanks for the help in keeping my site finally cleared!