Malware Injection keeps succeeding

  • Resolved jackbob

    (@uelmaree)


    6 years, 10 months ago

    Hi there,

    I’ve got your plugin and a security score of around 275. I’ve got a custom login url set, a unique database prefix, captcha, 1 user, completely Block Access To XMLRPC and a number of other settings. I’ve got your plugin across 2 sites and both were hacked.

    However, the hack is always the same malware injection seemingly into pages(they cause redirects to ad sites).

    Screenshot shows malware and location. How do I specifically block this malware injection into pages?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    6 years, 10 months ago

    Hi,

    I’ve got your plugin across 2 sites and both were hacked.

    My question is, do you know if your site was hacked before installing our plugin or after? Also do you know if any of your other plugins have not been compromised and or running some third party issues?

    Points to consider:

    Even though a lot of effort has gone into developing this plugin to protect your site, sites might still get hacked. In that case the following URLs will help you. These are instructions provided by WordPress org support staff.

    My Site was hacked
    Hardening WordPress

    Aside from the above two links you should also carry out the following to clean your site. ( Steps provided by wpsolutions)

    1. Using cpanel file manager delete your wp-admin and wp-includes directories and then upload new versions from a fresh zip file of your WordPress core version.
    2. Delete all plugins and re-install fresh new versions. Also do not use old zip files you have on your computer or server. Always get new plugins directly from wordpress.org or from the developer who wrote them. (Same goes for your theme)
    3. Also go through your root directory and replace all wp core files with new versions and delete any unknown files. Check your wp-config.php file for any suspicious code.
    4. Go through all other wp directories such as uploads etc…and check to see if any suspicious php files are there. (eg, uploads directories should mostly have media files and not php files)
    5. Examine all of your server directories which reside outside of your WordPress installation and look for php files.

    The above should help you get your site up and running and clean from any viruses.

    Kind regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    6 years, 10 months ago

    Hi @uelmaree,

    How do I specifically block this malware injection into pages?

    You are getting those injections because your site is most probably infected with malware, ie, there is some malicious code inside your server’s filesystem which is causing the injections to happen. The malicious code could be scattered throughout multiple folders and files.
    Cleaning your site thoroughly so that all of the malicious files have been removed is the only way to solve your problem.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Malware Injection keeps succeeding’ is closed to new replies.