How to remove malicious code from a WordPress site?

A

Artem Kom2019-05-09 13:28:18

Data protection

Artem Kom, 2019-05-09 13:28:18

Hello dear associates.
I need your help. One of my websites has been infected with malicious code. Hosting Siteground platform Wordpress.
The essence of the malicious code:
A new folder with a short name appears in the root of the site (although it was previously in the wp-admin or wp-includes folder). It contains several php files, .htaccess robots.txt and so on (if I have an example)... The hoster and Google have already warned and banned the site several times. I delete folders - everything becomes normal. Well, the problem is that they regularly appear again! I don't know what to do anymore. It's
worth premium Wordfence, Sucuri (not premium) - they find it, but only after this one appears in the directory. But I do not understand how to make sure that the virus does not appear. My fantasy is over.
Scanned, reinstalled everything, changed all passwords, searched through ssh for the latest changes ... All to no avail.
Maybe someone had a similar problem? Many thanks in advance for your help.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

D

Dim Boy, 2019-05-09
@twix007

I use aibolit + check the plugin archive before installing it on virustotal

D

Dimonchik, 2019-05-09
@dimonchik2013

save the logs in a parallel file xs
will it work on
most probably not

P

peecaboo, 2019-05-11
@peecaboo

You need to start by reinstalling everything, starting with a clean VP, then clean up the code. Plugins won't help here.