Problem with my WordPress websites, HELP!!

I have 3 wordpress websites hosted on GoDaddy shared hosting. It was probably hacked. Because all my websites are automatically redirecting to a spam website. When I checked the file manager I can see that index.php in every websites root folder was replaced with spam code. Additionally, there were many other files created such as “.htaccess”, “.ftpquatas”, “about.php”, “.admin.php”, “wp-ver.php” and so on and all these file have functions like base64\_decode() and eval().

So I deleted these files, but they appeared back within a minute. Then I found the cron.php file that had the malicious code and I replaced it with fresh wp cron file, and yet the files appeared again.

So this time I entirely emptied the root folder of one of the 3 websites, hoping the files are generating via some code in the folder, but even after deleting every file in the folder, those files popped back again.

Where should I be looking?

https://preview.redd.it/4t0cn4b944zc1.png?width=651&format=png&auto=webp&s=ef4d0b18e3c95a2511b3ef53bd8f8044c80f7f2f

2 Comments
  1. That doesn’t look like a WP installation at all – none of those are WP files/folders.

    If you have multiple sites in the same account, they all need to be cleaned, otherwise one of them will just keep infecting the whole account.

    Restore your backups (locally), identify how the malware is getting in. It’s always via an old plugin.

  2. If all three files are on the same hosting account, then you need to clean ALL of them. bad code from one site can write into the directory of the other sites.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer