Sometimes the best remediation is to directly edit the content to remove malicious elements. This guide covers how to safely edit infected posts and pages.
When to Edit vs. Quarantine #
Choose Editing When #
- You want to permanently remove the threat
- The infection is clearly identifiable
- You know what clean content should look like
- It’s a small, targeted fix
Choose Quarantine When #
- You need to stop the threat immediately
- You want to preserve evidence for investigation
- You’re not sure what’s legitimate content
- You might need to restore later
Opening the Editor #
From Findings List #
1. Go to Content Guard Pro → Findings
2. Find the finding you want to address
3. Click Edit Post in the actions column
4. WordPress editor opens with the affected post
From Finding Details #
1. View finding details
2. Click Edit in WordPress button
3. Editor opens to the affected post
Direct Access #
1. Go to Posts → All Posts
2. Find the affected post
3. Click Edit
Locating Malicious Content #
Using Finding Information #
The finding details tell you:
- Field: Where the content is (post_content, custom field, etc.)
- Matched Text: What to look for
- Position: Approximate location in content
In Gutenberg Editor #
1. Open the Content Guard Pro sidebar panel
2. See the finding highlighted
3. Click “Locate” to jump to the block
In Classic Editor #
1. Switch to Text (HTML) view
2. Use browser find (Ctrl+F / Cmd+F)
3. Search for the matched text from the finding
In Code Editor #
1. Click “Options” (three dots) in Gutenberg
2. Select “Code Editor”
3. View raw HTML to find malicious code
Removing Different Threat Types #
External Scripts #
Look for script tags pointing to unknown domains and delete the entire tag including opening and closing elements.
Malicious Iframes #
Look for iframe tags, especially those with display:none styling or pointing to suspicious domains. Delete the entire iframe element.
Hidden Spam Links #
Look for div or span elements with CSS hiding (display:none, visibility:hidden) that contain links to external sites. Delete the entire hidden container.
Inline Event Handlers #
Look for img, div, or other tags with attributes like onclick or onerror. Either delete the entire element or remove just the dangerous attribute.
SEO Spam Text #
Look for paragraphs containing pharmaceutical, gambling, or other spam keywords. Delete the spam content or the entire element.
Best Practices for Editing #
1. Work in Code View #
For precise removal, use the Code Editor in Gutenberg:
- Shows exact HTML
- No block parsing issues
- Easier to find hidden elements
2. Search Thoroughly #
Malicious content may appear multiple times:
- Search for the domain throughout the post
- Check for variations (http vs https, with/without www)
- Look for similar patterns
3. Preserve Legitimate Content #
When editing around infections:
- Don’t delete more than necessary
- Keep legitimate text and formatting
- Maintain document structure
4. Check Related Posts #
If one post is infected, others may be too:
- Run a full scan
- Check posts by the same author
- Check posts from the same time period
After Editing #
Save and Scan #
1. Save/Update the post
2. If on-save scanning is enabled, scan runs automatically
3. Check that findings are resolved
Verify the Fix #
1. View the post on the front end
2. Check page source for removed content
3. Confirm no malicious elements remain
Clear Caches #
If caches don’t auto-clear:
1. Clear your page cache
2. Clear CDN cache if applicable
3. Verify changes appear to visitors
Auto-Resolution #
When you save an edited post and the scan finds no issues:
1. Existing findings are automatically marked Resolved
2. Resolution metadata is recorded:
– Method: “auto_scan_on_save”
– Timestamp
– User who saved
3. Finding remains in history for audit
Editing Custom Fields #
For findings in post meta (custom fields):
Standard Custom Fields #
1. In editor, find Custom Fields panel
2. Enable it via Screen Options if hidden
3. Find the affected field
4. Edit or delete the value
Advanced Custom Fields (ACF) #
1. Find the ACF field group in the editor
2. Edit the affected field
3. Save the post
Elementor Data #
1. Edit with Elementor
2. Find the affected widget
3. Edit or remove the malicious content
4. Save and update
When Editing Isn’t Enough #
Sometimes editing won’t fully address the issue:
Root Cause Unaddressed #
- Check how the content was injected
- Review user accounts and permissions
- Update WordPress, themes, and plugins
- Change passwords
Widespread Infection #
- Many posts may need cleaning
- Consider database-level cleanup
- Restore from clean backup if available
Persistent Reinfection #
- Malware may be in files, not just database
- Run file-based security scan
- Check for backdoors in theme/plugins
