Support » Fixing WordPress » Trouble finding malware on site

  • Hello,

    2 of my clients websites are being identified as suspicious by Google. Which is very, very bad. But when I scan the websites, and have our web host scan the websites, we can’t find any malware. Nothing at all.

    So, if any of you are comfortable, please see if you can find something that we can’t. Here are the URL’s:

    It’s some sort of a script.

    If you don’t want to visit the sites yourself, how do you normally root it out?

    Thanks a ton!

Viewing 7 replies - 1 through 7 (of 7 total)
  • Krishna



    Your going to have to have FTP or SSH access to the site in order to fix the issue. Below are some steps you can take:

    1) First, do you have a “clean” back-up of your site, if so, just restore it from that.

    2) If #1 doesn’t apply, do the following, check all .htaccess files, index.php files and any include files or theme files you may be using.
    3) Also, check above your web directory (usually above public_html, httpdocs, html, etc) for an .htaccess file that will override anything in your web directory.

    4) Remove any code that you find in your “legitimate” files that matches any of the following (Note – this isn’t an all exhaustive list, it’s the most common issues I’ve seen):
    a. “eval(base64_decode(…..”
    b. “edoced_46esab…”
    c. “getMama…”
    d. “115,99,114,105,112,116….”
    e. “document.write(‘<iframe…..”

    5) Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the file contents for base64 strings and thing that point to it being a php shell such as “FilesMan”, “c999sh”. If you find files like this, DELETE THEM.

    6) Once you’ve cleaned your site – UPGRADE it if you are not running the latest version to remove any possible publicly available vulnerabilities.

    7) Also I would recommend checking permissions; files should be at 644 and directories at 755 (this depends on your hosting company/server – this is the most common setting). Change your cPanel and FTP passwords.

    8) Once you have completed all those steps, go to and if you don’t already have an account create one (Obviously if you have one – skip this step).

    9) Once you’ve created your account, add your site, then on the left hand side, click on “Health”, “Malware” . If they have you flagged, and you have cleaned your site, submit it for re-evaluation. This usually will take between 48-72 hours before you are cleared.

    Hope this helps

    Thank you so much! It seams like every directory has the “eval(base64_decode(…..” malware in it.

    I’m going through and removing all the PHP files it created and edited.

    Is this normally a result of not updating WordPress? I’m always cautious when updating WordPress because of themes and plugins breaking.

    Now I’m having a new issue.

    I have edited the PHP files with FileZilla to remove the malware, but now I’m getting an undefined PHP error.

    I tried downloading and manually uploading new WordPress files, except wp-content and wp-config.php, but there’s no change.




    Please this link:

    You need to go through all the resources mentioned there by Esmi.

    My most recent post wasn’t in regards to the malware. I’m able to remove that on my own now, but once I do it breaks the files.

    I just don’t know why the files don’t work once I remove the malware or replace them with new wordpress files.




    Please see the link I posted above and follow the instructions there.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Trouble finding malware on site’ is closed to new replies.