I've been dealing with my wordpress malware infection for days. I was successful to remove the redirection scripts (htaccess attacks) and was scanned cleaned by Sucuri.
Currently, my problem is in the admin section. But haven't succeed locating the source of the weird malware detections(again, on some parts of the admin section only).
Things that I've tried but failed :
(note: I already changed all my passwords including AUTH Keys and SALT Keys for the wp-config.php [FTP/User Account/SQL])
- Installed a lot of anti malwares, security and scanners plugins
- Restoring Back-ups 1-2 Weeks before the Malware Attack(A lot of times)
- Clean Install - Several times (malware detected even before I install any plugin/theme)
- Tried locating the scripts by Chrome's console, I saw that It was from load-scripts.php, So I opened the file but didn't see anything suspicious (same script detected even after a clean install)
My only remaining suspect is the database/sql (I'm not 100% sure if they can alter this or altered it already to produce the said malware scripts, but already done a few reading about it, returning with a positive).
I ruled out my hosting because apparently, I installed another blog(clean install) on it, and everything is functioning well w/o any malwares admin or not.
I'm no developer, so I actually had no idea how to deal with sqls. So what do I do now?