Hello, when I find malicious .php files on my WP sites, they are usually in the uploads directory. I want to ask why? I already disabled PHP execution in these dirs. Does anyone know how to discover in which way these PHPs were uploaded into the uploads directories? I'm root admin of the server, so I have access. thx
Change your admin password, and don't save any password in the FTP client. Update all the plugins and WordPress.
You might have a "back door" active in a plugin or a theme. Install TAC to check the theme, and make sure you only use plugins from reliable sources. That said, I've had trouble with a plugin I downloaded from wp.org in the past, so it seems nothing is safe any more! You might also want to consider the "Ultimate Security Checker" plugin (from wp.org), which will hunt for problems as well (and is free).
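As an added example for the original question (not code from any poster in this thread), the script below does the two things a server admin would do first: walk the uploads tree for PHP files, including files whose extension is harmless but whose first bytes contain a PHP open tag, and then correlate the web server access log with those files. For each request that tries to execute a PHP path under wp-content/uploads it lists the POST requests the same client made to the standard WordPress upload endpoints (async-upload.php, media-new.php, admin-ajax.php, xmlrpc.php and the REST media route), which is usually the answer to "how did it get there": a logged-in account or a plugin that accepts uploads. The log lines, file names and directory layout are constructed for the demo; the log format assumed is the Apache/nginx "combined" format.

```python
"""Triage helper for PHP files found under wp-content/uploads (added example)."""
import os
import re
import tempfile
from collections import defaultdict

# PHP by extension, including double extensions such as shell.php.jpg.
PHP_EXT_RE = re.compile(r"\.(php|phtml|php[3-7])(\.|$)", re.IGNORECASE)
# PHP open tag inside a file that does not claim to be PHP (image polyglots).
PHP_TAG_RE = re.compile(rb"<\?php|<\?=")

# Apache/nginx "combined" access log (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Real WordPress endpoints through which media uploads normally arrive.
UPLOAD_ENDPOINTS = (
    "/wp-admin/async-upload.php",
    "/wp-admin/media-new.php",
    "/wp-admin/admin-ajax.php",
    "/xmlrpc.php",
    "/wp-json/wp/v2/media",
)

# Constructed sample log: one client logs in, uploads, then calls the dropped
# file (served, status 200); a later client hits it after PHP execution was
# blocked in uploads (status 403).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 200 143',
    '203.0.113.7 - - [10/Oct/2023:13:55:52 +0000] "GET /wp-content/uploads/2023/10/cache.php?c=id HTTP/1.1" 200 88',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 51233',
    '192.0.2.9 - - [10/Oct/2023:14:10:01 +0000] "GET /wp-content/uploads/2023/10/cache.php HTTP/1.1" 403 199',
]


def scan_uploads(root):
    """Return (path, reason) for files under root that are PHP by name or content."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if PHP_EXT_RE.search(name):
                hits.append((path, "php-extension"))
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)  # the open tag of a dropper is near the top
            if PHP_TAG_RE.search(head):
                ext = os.path.splitext(name)[1] or "noext"
                hits.append((path, "php-tag-in-" + ext))
    return sorted(hits)


def triage_access_log(lines):
    """For every request to a PHP path under uploads, report the client, the
    response status (403 means the execution block worked, 200 means the file
    was served) and the upload-endpoint POSTs made by the same client."""
    executions = []
    posts_by_ip = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        rec = m.groupdict()
        path = rec["path"].split("?", 1)[0]
        if "/wp-content/uploads/" in path and PHP_EXT_RE.search(path):
            executions.append(rec)
        elif rec["method"] == "POST" and any(path.startswith(e) for e in UPLOAD_ENDPOINTS):
            posts_by_ip[rec["ip"]].append(path)
    return [
        {"ip": ex["ip"], "path": ex["path"], "status": ex["status"],
         "related_posts": list(posts_by_ip.get(ex["ip"], []))}
        for ex in executions
    ]


def build_demo_uploads():
    """Create a constructed uploads tree in a temp dir: a real image, a PHP
    file, and a PNG-named file carrying a PHP open tag. Returns the root."""
    root = tempfile.mkdtemp(prefix="uploads-demo-")
    sub = os.path.join(root, "2023", "10")
    os.makedirs(sub)
    with open(os.path.join(sub, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff\xe0" + b"\x00" * 64)  # JPEG header, no PHP
    with open(os.path.join(sub, "cache.php"), "wb") as fh:
        fh.write(b"<?php echo 'constructed sample'; ?>")  # benign placeholder
    with open(os.path.join(sub, "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>")  # polyglot
    return root


if __name__ == "__main__":
    for path, reason in scan_uploads(build_demo_uploads()):
        print(f"{reason:20} {path}")
    for entry in triage_access_log(SAMPLE_LOG):
        print(entry)
```

Run it against the real tree and log with `scan_uploads("/var/www/html/wp-content/uploads")` and `triage_access_log(open("/var/log/apache2/access.log"))`, adjusting paths for the host. A 403 on the uploads request shows the execution block is effective; a 200 with a small body on a .php path under uploads means the server ran it, which on nginx typically happens when a generic `location ~ \.php$` block passes every PHP path to php-fpm before any uploads-specific deny rule is reached. Clients that both POSTed to an upload endpoint and then requested the PHP file point to the account or plugin that accepted the upload, so check which user was logged in from that address at that time.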