Title: Malicious code cleaned/added again
Last modified: April 25, 2017

---

# Malicious code cleaned/added again

 *  Resolved [martamars](https://wordpress.org/support/users/martamars/)
 * (@martamars)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/malicious-code-cleanedadded-again/)
 * Hi, I have a problem with malicious code on my hosting. I host my WordPress sites
   and it is on every one of them.
 * Wordfence found these problems:
    G212 – variation 2 supp2 infection Backdoor:PHP/dfuidbo
   Backdoor:PHP/kidslug and unknown files added.
 * After I clean my sites, all these codes are added back again after some time.
 * How could I get rid of that once and for all?
 * Thank you for any kind of help.

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [bethplummer](https://wordpress.org/support/users/bethplummer/)
 * (@bethplummer)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/malicious-code-cleanedadded-again/#post-9065589)
 * My issue sounds the same. I am currently using Bluehost. Seemed like this happened
   after WordFence update maybe?
 *  [bluebearmedia](https://wordpress.org/support/users/bluebearmedia/)
 * (@bluebearmedia)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/malicious-code-cleanedadded-again/#post-9066198)
 * There’s clearly been a backdoor installed on the site that is allowing hackers
   continued access. This is independent of Wordfence (possibly at the server level–
   particularly if WF is not finding any issue on the site files itself…)
 * Check these links for more info:
    [https://www.wordfence.com/learn/has-my-site-been-hacked/](https://www.wordfence.com/learn/has-my-site-been-hacked/)
   [https://www.wordfence.com/learn/how-to-harden-wordpress-sites/](https://www.wordfence.com/learn/how-to-harden-wordpress-sites/)
 *  [wfyann](https://wordpress.org/support/users/wfyann/)
 * (@wfyann)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/malicious-code-cleanedadded-again/#post-9070553)
 * Hi [@martamars](https://wordpress.org/support/users/martamars/),
 * In addition to what was posted by [@bluebearmedia](https://wordpress.org/support/users/bluebearmedia/)
   (thanks for that!), I would suggest you check the modified timestamp on the files
   when they appear, then look into the web server access log file for that timestamp
   to see if you can get any clues about what is happening on the site when the 
   files are created.
 * Alternatively, you could also hire an expert to carry out a thorough site cleaning.
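
The correlation suggested in the last reply, as an added example that is not part of the original thread and not Wordfence code: given the time a file reappeared, it returns the access-log requests within a window around that time. It assumes Combined Log Format; the sample log lines, IP addresses and paths are constructed.

```python
import os
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Apr/2017:10:10:00 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Apr/2017:12:15:30 +0200] '
    '"POST /wp-content/plugins/example/upload.php HTTP/1.1" 200 31',
    '198.51.100.7 - - [25/Apr/2017:10:15:40 +0000] "GET /about/ HTTP/1.1" 200 900',
    '203.0.113.9 - - [25/Apr/2017:10:20:00 +0000] "GET /x.php HTTP/1.1" 200 12',
    'truncated or malformed line',
]

def parse_line(line):
    """Return (utc_time, ip, method, path, status), or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    # Normalise to UTC: log offsets and file times often differ in timezone.
    return (ts.astimezone(timezone.utc), m.group(1), m.group(3),
            m.group(4), int(m.group(5)))

def file_mtime_utc(path):
    """Modification time as an aware UTC datetime.

    mtime can be set by whoever wrote the file; on Linux also compare
    st_ctime (inode change time) before trusting it.
    """
    return datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)

def requests_near(log_lines, when, window_s=60):
    """Requests logged within window_s seconds either side of `when`."""
    lo = when - timedelta(seconds=window_s)
    hi = when + timedelta(seconds=window_s)
    hits = [p for p in map(parse_line, log_lines) if p and lo <= p[0] <= hi]
    # List POST requests first (they carry request bodies), then by time.
    return sorted(hits, key=lambda h: (h[2] != "POST", h[0]))
```

Call `requests_near(open(logfile), file_mtime_utc(suspect_file))` for each file the scan reports as newly added, and widen `window_s` if nothing turns up.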


The topic ‘Malicious code cleaned/added again’ is closed to new replies.


 * 3 replies
 * 4 participants
 * Last reply from: [wfyann](https://wordpress.org/support/users/wfyann/)
 * Last activity: [9 years, 1 month ago](https://wordpress.org/support/topic/malicious-code-cleanedadded-again/#post-9070553)
 * Status: resolved