Answer the question
In order to leave comments, you need to log in
How to fix a hacked WordPress?
Link to scanner report. https://rescan.pro/result.php?8c7f3ce78df97a9da447...
The hosting is Ai Bolit, he does not find anything.
I cannot remove and install plugins, edit the theme code, although I am an administrator, and just in case I created another administrator through MySQL.
There is a search redirect on the site, as the scanner writes above. And they also demand money from me for treatment through the feedback of the site :) I
replaced all the files with a clean one, leaving only uploads and includes and wp-config. htaccess original. Footer and Header and functions I copied from my other sites. There is only one theme, I download it from the WP repository for a fee.
Tell me how to cure the site?
Link to the site, squeezed for every fireman https://u.to/1bSEFA
Answer the question
In order to leave comments, you need to log in
Similarly, you need to contact the author https://geektimes.ru/users/Nick0las/ , I also have no opportunity to write a message. Help, who can!
I'm not a security expert))) But what if the problem is not in the site, but in the domain. Those. did the domain get into the Yandex database as a malware distributor?
As for the WP itself, install the Wordfence plugin and crawl the site.
Are you sure that the problem is in Wordpress, the attackers could not get to you anymore? For example, having stolen MySQL or FTP accounts, change passwords if possible.
I assume that there are no rights to admin actions due to changes in the database : roll back to the backup or manually view suspicious entries. It will not be superfluous to look at the history of queries to MySQL, if possible on the hosting.
Everything was logically done with the files, I advise you to remove the extra permissions for recording and execution.
If you can't find anything inside, then check the site for holes from the outside using https://metascan.ru, https://detectify.com or https://acunetix.com.These are online security scanners and will give you more detailed security hole reports than rescan.
Yes, and the problem is not in the domain, as mentioned above, the domain was blacklisted due to the installed redirect, which is logical.
Are you sure that your site is really infected?
yandex does not write anything about any mailware
The report of this 'supposedly antivirus' does not contain any details of replaying this redirect, etc.
Add a site here and see what happens
https://webmaster.yandex.ru/site/diagnosis/checklist/
I recommend putting RSFirewall on the site! WordPress plugin It will systematically cut security holes.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question