Support » Fixing WordPress » Malware Keeps Coming Back

  • Hi,

    I have recently taken across a client site that had malware. I found this to be coming from the index.php page. It seems to be creating HTML pages from the website URL and trying to sell Diet Pills.

    I’ve tried scanning with Wordfence to find out where its coming from, but no joy.

    Every time I change the Index.php back to the original it changes itself back normally by the next day.

    This is the index.php file that it keeps changing. I’ve tried changing the permissions to 444.

    [ Deleted ]

    • This topic was modified 3 months, 3 weeks ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    Moved to Fixing WordPress, this is not an Everything else WordPress topic.

    I’ve deleted the malware sample, please never post those. It doesn’t help you or anyone when that is posted.

    Please remain calm and give this a good read.

    When you have successfully deloused your site then consider giving this a read too.


    I also had a similar issue on one of my client sites. I cleaned it twice. In my case the file permissions were also getting updated by the site infection. I actually wanted to find the root cause analysis so that I could get rid of the infection. I used malCure’s malware removal plugin and it was able to detect all the infected files. I cleaned the site and later requested a site audit offered by plugin developer. Since then there is no recurrence.

    Are you still having the issue?

    Hi @ruchika_wp ,

    I’ve tried that, it just finds the index.php file that was changed and not the actual file that keeps causing the index.php to change.


    The plugin is really good at detection. For root cause analysis, it’s recommended to hire a professional security expert. The plugin author also provides malware removal support. May be you want to give it a try.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.