[ad_1]
I manage our club’s WP website and recently have been battling some type of infection within it. I find it adding strange files (ie, 5ccf291f69.php), messing with index.php and .htaccess, and changing file permissions. I’ve restored a bunch of these from backups, installed an Anti-Malware plugin that I’ve scanned numerous times, as well as re-installing all the core WP files. It’ll be fine for a few days and then get changed again. Obviously the anti-malware scans are missing something. Any recommendations before I do a wipe and re-install of WP?
[ad_2]
We’ve “cleaned” a lot of WordPress sites over the years. I always recommend a clean install and reconfiguration. Don’t import or copy anything from the old site without vetting it first. Review all the users, plugins, media, etc to make sure they are still valid/up to date/needed/and clean.
Don’t restore from a backup, you don’t know how long it’s been compromised before the changes you detected were noticed.
It’s the only way to be sure.
A total rebuild is the only way to be certain the hacks are gone. Have you downloaded any “cracked” premium plugins or themes? This is a very common cause of an infected site. If not, someone must’ve gained access somehow. Check out Wordfence for security.