Hi,
It sounds like this might have been a minor infection, but we have a guide here to help clean hacked sites, in case it’s more complex than it seems. Some of the more aggressive scan options may find additional files, and there are recommendations on updates, passwords, etc., which may help prevent reinfection:
How to clean a hacked website
You might not be able to do all of the steps, depending on the types of access you have to the server, but the simpler steps can help as well.
-Matt R
Thread Starter
jefftg
(@jefftg)
@wfmattr
Thank you for the help Matt. I was following your steps and discovered that even thought I could put the url into Google, if I clicked a link from Google search it was looking for that bramble-deforestation.php file and they had hacked the .htaccess site. I am so grateful for your plugin and one of the bad things I didn’t know is that my client had a very simple username he added. But can they get into the .htaccess file though the Admin or is there any other security measure you might be able to add.
I appreciate your time.
Yes, if the attacker got access to an admin account, usually they can add files in a number of ways. I would recommend checking the list of installed plugins, and the list of themes, to make sure none have been added that you don’t recognize. (A plugin could be uploaded that allows creation or modification of files.)
-Matt R
Thread Starter
jefftg
(@jefftg)
Thank you @wfmattr I checked those all, I just didn’t think they would be able to get into the root to get to the htacess through the admin. Thanks again for your time and your great plugin,