Ok, I got rid of much of the malicious code with the help of Wordfence.
The hidden button links on my pages are now gone.
BUT, the new casino pages are still live on my website (though, users aren’t able to access them since the links were in the hidden buttons which are now gone).
Things I tried:
\- Did a mass search on all files in Public folder for text that I see on these casino pages, including the word “casino”, but it finds nothing.
\- Looked in the myphpadmin Post area to see if the new pages are there. I don’t see them.
\- Ran the free Wordfence. It finds some malicious code in functions.php, and I deleted some, but It’s hard for me to tell which lines are malicious.
Where else can I look? It seems like these pages are either coming from my database, or being injected remotely through a line of code somewhere.
note: no backup
If anyone familiar with this could you please PM me and I can share with you the links.
**Edit: I found a fuk ton of casino pages by searching the database for a piece of text I saw in the page titles. Hopefully this clears it up…**
Follow this guide on how to clean your site: [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
But you also need to figure out HOW you got infected. 99% of the time it’s from a plugin that was either abandoned/not update or nulled.
Yup! Cleaning de DB sometimes is the only way… also, check your mains JS, there could be some data or code that you don’t recognize