Hello, I am running a site for a client that has been experiencing malware attacks. Google detects these issues and send me notices about the site possibly being compromised and when I do a manual deep scan of the site I find little weird PHP files nested throughout the entire server.
I've gotten pretty good at identifying and removing them, however, they keep coming back! They are mostly localized to the 'wp-content' folder in the 'uploads' directory.
What would be the best method of locking up these old upload folders from 2010, 2011, and 2012 so that they can be accessed for images and media files and whatnot but NOT have any new content written to them? What would be the best permissions setting for this?
I'm using Better WP Security plugin as a preventative measure, which seems to have prevented the malware from directly harming the site, but there is still harm being done by Google's Search results slapping a "site may be compromised" label on the results page when it notices there are new files potentially corrupting the site.
Any advice is much appreciated. Thanks!!