One of my WordPress installations appears to be continually hacked. Core WordPress files are being modified and changed. The PHP code is actually being changed. New PHP code is being injected into specific files. I have no idea how this is happening. It appears to be some kind of exploit directed specifically at a plugin or something else.
For example, the following code was somehow added into
[ Malware deleted ]
I installed WordFence to identify changes to files because my server was being added to blacklists from spam originating from Base64 encoded php files in random wordpress directories. It’s only happening to this installation of WordPress. This installation belongs to one of my clients on my shared server. I have already changed the MySQL and main admin logins and passwords, cleaned it up originally using WordFence, and now it’s back today.
Any idea what I should do? I have already updated WordPress to the latest version, all of the plugins to the latest version, and all of the themes as well to the latest version. Whatever exploit they are using, I have no idea.
This installation is running the following activated plugins:
- Disable XML-RPC
- Gallery by BestWebSoft
- Wordfence Security
Can anyone help?
- The topic ‘WordPress Installation Hacked and Being Used to Send SPAM Emails’ is closed to new replies.