Reinstall WordPress from scratch, move just the media files (check and make sure there are NO other files) and reinstall the plugins/theme, maybe rollback to a previous database version as well.
Move NOTHING else from the current hacked installation.
You do have backups, right? If not, this is a lesson to have them asap.
We did this for a customer recently, he had a situation where SiteLock and his hosting company plus various plugins did not solve his issues. This did.
Backup your site > delete the files > scan again > change passwords > update everything
Hopefully you have a database back up before this happened.
You will be better off starting with a fresh install of WordPress and importing the database before the hack.
Before you do the fresh install of WordPress, remove all files. That way you have nothing remaining that could cause it to be hacked.
Also, check to make sure your plugins and themes are from reliable sources.
Wordfence for the win!
first, make a backup of your install.
Second; have those files removed by clicking “Delete file”
Remove any plugin that is not coming from wordpress, remove any template not in use. Update everything you see.
Re-scan using hypersensitivity – if things look clean, now monitor for a couple of days to see if it returns back.
Git checkout. You’re using git, right??
My advice? Don’t.
Reinstall WordPress from scratch, move just the media files (check and make sure there are NO other files) and reinstall the plugins/theme, maybe rollback to a previous database version as well.
Move NOTHING else from the current hacked installation.
You do have backups, right? If not, this is a lesson to have them asap.
We did this for a customer recently, he had a situation where SiteLock and his hosting company plus various plugins did not solve his issues. This did.
Backup your site > delete the files > scan again > change passwords > update everything
Hopefully you have a database back up before this happened.
You will be better off starting with a fresh install of WordPress and importing the database before the hack.
Before you do the fresh install of WordPress, remove all files. That way you have nothing remaining that could cause it to be hacked.
Also, check to make sure your plugins and themes are from reliable sources.
Wordfence for the win!
first, make a backup of your install.
Second; have those files removed by clicking “Delete file”
Remove any plugin that is not coming from wordpress, remove any template not in use. Update everything you see.
Re-scan using hypersensitivity – if things look clean, now monitor for a couple of days to see if it returns back.