Cleaning out malware from server?

[ad_1]

I inherited a large WP site working for an NGO. We were alerted to malware affecting the site. Worked with the company who manages our server to run a malware scan, and they said everything was cleaned up. A few days later, we were alerted by them that excessive amounts of connections to the server caused the Apache scoreboard to fill up, causing our sites to time out.

I think I found the vulnerable plugin that led to the malware but unsure of how to proceed to clean out our servers. If I remove the plugin, the code where the malware is located may not be cleared and I am unsure of how to find the exact line of code causing the issues. Any help would be appreciated!

[ad_2]
2 Comments

  1. After identifying the cause (as you’ve hopefully done), cleaning a site involves deleting all files, except for wp-content/uploads. Then download WordPress, plugins and the theme from the source (not a backup)

  2. In addition to what u/bluesix said, you should check your database for any suspicious tables and check your db and site users.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer