Need help with WordPress site malware

Discussion in 'Security' started by kskoh, Sep 20, 2016.

  1. #1
    Hello,

    I have a client who has a WordPress site built last year. However, due to a lack of security protocol, we believe that the site has been compromised, and we can't seem to find the cause of the problems.

    Some problems we faced:
    1) Design of the site changes even after we update it to the latest version
    2) WordPress users were created automatically even after manual removal
    3) Adult content gets uploaded to the server after a while

    I am currently seeking any professional expert who is keen to look into the problem. Kindly PM me for more information. Thank you.
     
    kskoh, Sep 20, 2016 IP
  2. pavv

    pavv Active Member

    #2
    In many such cases, the best option is to install a fresh WP and copy the posts from the old installation.
     
    pavv, Sep 20, 2016 IP
  3. dcristo

    dcristo Illustrious Member

    #3
    Restore an old backup, then update WordPress and all the plugins and the theme you're using.
     
    dcristo, Sep 20, 2016 IP
  4. Mike Lee

    Mike Lee Active Member

    #4
    You can try the following:

    • Remove all users that you think are hackers
    • Change all the passwords you have used on the site, including the web hosting panel password
    • Change the theme to a genuine theme
    • Uninstall all unnecessary plugins
    • Install a security plugin like Wordfence
    • Monitor your site activity via web host, user logs, etc.
    • Use Sucuri.net to check whether your website is clean
     
    Mike Lee, Sep 21, 2016 IP
  5. billzo

    billzo Well-Known Member

    #5
    Doing a clean install of WordPress and using the same database, but after checking the database for iframes and JavaScript embedded in content.
     
    billzo, Sep 21, 2016 IP
  6. MechanicWeb-shoss

    MechanicWeb-shoss Active Member

    #6
    It seems that it's an issue that involves malware. Have you contacted your provider to run a malware scan?

    Some providers offer a malware scan for free. If you need guidance/assistance on this, you may contact us at https://www.mechanicweb.com
     
    MechanicWeb-shoss, Sep 28, 2016 IP
  7. VerdinaNET

    VerdinaNET Greenhorn

    #7
    VerdinaNET, Sep 30, 2016 IP
  8. Starmarshal

    Starmarshal Peon

    #8
    Yeah, I had the same problem. You should do everything Mike said, plus you can configure some WP plugins to get better security. For example, to protect against brute force, just configure the All In One WP Security & Firewall plugin to hide the admin, or use a bunch of other plugins to protect against XSS.
     
    Starmarshal, Aug 5, 2019 IP
  9. nikunj patel

    nikunj patel Active Member Premium Member

    #9
    Try to check the logs manually. It sounds like someone uploaded a shell to your server and backdoored it. Check the server log files; they will help you identify the activity.
     
    nikunj patel, Aug 20, 2019 IP
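
A log review of the kind suggested in post #9, as an added example that is not part of the original thread or any poster's code. It assumes the Apache/nginx "combined" access log format; the two path heuristics, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Heuristic (assumption): uploads/ should hold media only, so a PHP file
# answering from there is a strong sign of an uploaded script.
PHP_IN_UPLOADS = re.compile(r'^/wp-content/uploads/.*\.(php\d?|phtml)$', re.I)
# Heuristic (assumption): visitors rarely POST straight to PHP files inside
# plugin, theme or core directories; such hits deserve a manual look.
PHP_IN_CODE_DIRS = re.compile(r'^/wp-(content|includes)/.*\.php$', re.I)

def suspicious_requests(lines):
    """Map each flagged path to its hit count, client IPs and reasons."""
    found = defaultdict(lambda: {"hits": 0, "ips": set(), "reasons": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable, or the file did not answer (404, redirect)
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if PHP_IN_UPLOADS.match(path):
            reason = "php-in-uploads"
        elif m["method"] == "POST" and PHP_IN_CODE_DIRS.match(path):
            reason = "post-to-code-dir"
        else:
            continue
        entry = found[path]
        entry["hits"] += 1
        entry["ips"].add(m["ip"])
        entry["reasons"].add(reason)
    return dict(found)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Sep/2016:10:01:02 +0000] "POST /wp-content/uploads/2016/09/cache.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.7 - - [20/Sep/2016:10:01:09 +0000] "POST /wp-content/uploads/2016/09/cache.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [20/Sep/2016:10:02:00 +0000] "GET /wp-content/uploads/2016/09/logo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [20/Sep/2016:10:02:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Sep/2016:10:03:00 +0000] "POST /wp-content/themes/example/inc/tmp.php HTTP/1.1" 200 88 "-" "-"',
    '203.0.113.9 - - [20/Sep/2016:10:03:10 +0000] "GET /wp-content/uploads/old.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for path, info in suspicious_requests(SAMPLE_LOG).items():
        print(info["hits"], sorted(info["ips"]), sorted(info["reasons"]), path)
```

Flagged paths are leads for manual inspection of the file on disk, not verdicts; the client IPs and timestamps around the first hit help narrow down how the file arrived.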