My temporary solution is to change the public_html ownership to ROOT.. off course after clean up the malware first & restart the httpd/nginex. so far it works just fine, the malware doesn’t come back.. but now ive got issue to update the plugins since it askes for the ftp access. 😀
