Title: Mass mailing (attack malware)
Last modified: July 5, 2026

---

# Mass mailing (attack malware)

 *  [famada](https://wordpress.org/support/users/famada/)
 * (@famada)
 * [5 days, 12 hours ago](https://wordpress.org/support/topic/mass-mailing-attack-malware/)
 * I thougt my wordpress site has been hacked, may be some hacker inject malware
   script , my web hoster found a mass mailing 1200 in one day so they temporary
   suspend my site and they will not restore the until I found the source of the
   issue
   I can’t access to cpanel because of the suspension and all I have right
   is only the backup of my site , I try my best but I can’t find the source of 
   mass maillingSo what can I do , how to find it offline ?? Thank you guys

Viewing 1 replies (of 1 total)

 *  [Patrick – WPMU DEV Support](https://wordpress.org/support/users/wpmudevsupport12/)
 * (@wpmudevsupport12)
 * [5 days, 9 hours ago](https://wordpress.org/support/topic/mass-mailing-attack-malware/#post-18956191)
 * Hi [@famada](https://wordpress.org/support/users/famada/)
 * If you have only the backup you will need to start restoring it on local computer
   to run a malware scan.
 * I suggest using Local WP or studio by WP.com which are straightforward options,
   I couldn’t find a well detailed guide but this can help [https://localwp.com/help-docs/getting-started/how-to-import-a-wordpress-site-into-local/](https://localwp.com/help-docs/getting-started/how-to-import-a-wordpress-site-into-local/)
 * Once done, use a malware scan plugin [https://wordpress.org/plugins/search/malware+scan+login/](https://wordpress.org/plugins/search/malware+scan+login/)
   to perform a full scan.
 * This can help as well [https://github.com/nitkr/Clean-Sweep-2.0](https://github.com/nitkr/Clean-Sweep-2.0)
 * If the malware is confirmed you can perform a full cleanup [https://wpmudev.com/blog/how-to-clean-up-a-hacked-wordpress-site/](https://wpmudev.com/blog/how-to-clean-up-a-hacked-wordpress-site/).
   But it is possible you had spam submissions from your contact form, so also check
   the contact form entries ( if your contact form plugin saves it ) to analyse 
   if it wasn’t the case.
 * Another step you may take is ask for access_log for your hosting provider and
   use AI to analyse the access log on specific timeframe, let’s say if it happened
   yesterday, ask AI to analyse past 48 hours on what could be triggering massive
   emails.
 * Best Regards
    Patrick Freitas – WPMU DEV Support

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fmass-mailing-attack-malware%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 3 participants
 * Last reply from: [Patrick – WPMU DEV Support](https://wordpress.org/support/users/wpmudevsupport12/)
 * Last activity: [5 days, 9 hours ago](https://wordpress.org/support/topic/mass-mailing-attack-malware/#post-18956191)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics
