Someone injecting malware on my WordPress website every day.

[ad_1]

I have a couple of WordPress website hosted on 2 different hosting provider – Bluehost (shared hosting) and AWS (EC2)

For last 20+ days, someone is injecting malware script on my website every day.

I scan the whole server, remove the script and another day, it’s back again.

To prevent this from happening again, I have completely disabled WordPress admin login from htaccess.php by blocking all IP.

I have installed a malware scanner. I have disabled app Remote Desktop and FTP ports.

I have installed WordFence and yet somehow again the malware is seen when I view the source of the blog html in browser taking me to unknown casino and adult websites.

What are my options now?

[ad_2]
2 Comments

  1. Install wordfence, also change all passwords, database, cpanel, etc… also check for FTP accounts

  2. Try doing an in-place install of WordPress. You may have an infected core file that WordFence isn’t detecting. An in-place install might overwrite the intruder code and stop the reinfections.

    Also, install the Black Hole for Bad Bots plugin and make sure your robots.txt file is updated.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer