Thread Starter
toocou
(@toocou)
Hi thanks for the info, I’ve already seen these steps and after the scan I am now aware of the affected file /trendflux.com/category/reviews/index.html, although I cannot find this file in filezilla.
All I am asking is where I can find the category files in wordpress so I can delete the malware code.
Cheers,
Toby
You don’t have an index.html in category/reviews, those are “permalink” generated url’s. If you do a view source on that page, you see an iframe injected at the top of the file.
First thing you need to do is FTP into your hosting account, check your main index.php, at the top will be a line of code that looks like
<?php base64....
Remove that. Also check the index.php and header.php of each of your theme directories, it’s probably in there as well.
Once you’ve cleaned it out, you need to locate the backdoor that allowed them to inject the code in your site, usually they hide this somewhere in your images, uploads or plugins directory. You also will need to upgrade wordpress to the latest version if you haven’t already and change all your passwords.
Hi
Quick question, is trendflux.com your domain?