Title: Malware Last modified: June 14, 2024 --- # Malware * [matthewdaleedwards](https://wordpress.org/support/users/matthewdaleedwards/) * (@matthewdaleedwards) * [1 year, 11 months ago](https://wordpress.org/support/topic/malware-161/) * Hello everyone, * I am really struggling with a website that has malware. It started a few weeks ago where the site would just go down, i wouldn’t even have access to WordPress. I needed to contact the ISP to replace core files in order to give me access again. * Once back in i scanned the site with imunify and it found lots of infections, after cleaning out all the malicious code i ran the scan again and it was clean. I then scanned with wordfence and it was clean. I then scanned again half an hour later with imunify and 35 new infections, scanned again with wordfence and no infections. * My eset anti-virus also thew up a warning when visiting the site JS/Agent.RRO was found. * So something is re-infecting the site and I have no idea how to solve this, your help would be greatly appreciated. Viewing 2 replies - 1 through 2 (of 2 total) * Moderator [threadi](https://wordpress.org/support/users/threadi/) * (@threadi) * [1 year, 11 months ago](https://wordpress.org/support/topic/malware-161/#post-17825503) * Take a look at this article: [https://wordpress.org/documentation/article/faq-my-site-was-hacked/](https://wordpress.org/documentation/article/faq-my-site-was-hacked/) * It is possible that the attacker has created a user account. Check whether there are any users there who are unknown to you – especially administrators. * You should also change all passwords – not only of the users in WordPress, but also of the hosting. * Check via FTP to see if there are any unknown files there. Delete these if possible. * Overall, this type of cleanup could be time-consuming. It would be easier if you imported a backup from the time before the hack. Delete all files and the database in the hosting beforehand. Only then can you be sure that you have a really clean system. * Also take a look at this article: [https://developer.wordpress.org/advanced-administration/security/hardening/](https://developer.wordpress.org/advanced-administration/security/hardening/) * Thread Starter [matthewdaleedwards](https://wordpress.org/support/users/matthewdaleedwards/) * (@matthewdaleedwards) * [1 year, 11 months ago](https://wordpress.org/support/topic/malware-161/#post-17825558) * Thanks for getting back to me. * I have reset all passwords the first time this happened a few weeks ago so that has not helped. No odd user accounts in word press or ftp. * I dont have a local copy of the site and the host only keeps 20 days of backups and I know the first time this happened was over 20 days ago so i dont have an option to restore a clean copy. * I dont unerstand why WordFence and other scanners i have used detect no malware but if i use Imunify in Cpanel it detects more and more with every scan, its obviously continuously replicating. And becasue WordFence isnt detecting anything i cant repair or delete the files. * Have followed as many articles as i can find but nothing seems to be a permanent fix. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Malware’ is closed to new replies. ## Tags * [WordPress](https://wordpress.org/support/topic-tag/wordpress/) * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/) * 2 replies * 2 participants * Last reply from: [matthewdaleedwards](https://wordpress.org/support/users/matthewdaleedwards/) * Last activity: [1 year, 11 months ago](https://wordpress.org/support/topic/malware-161/#post-17825558) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics