Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Moved to Fixing WordPress, this is not an Everything else WordPress topic.
Yes, this is a predefined reply but it’s good. That site needs to be deloused.
Please remain calm and give this a good read.
https://ww.wp.xz.cn/support/article/faq-my-site-was-hacked/
When you have successfully deloused your site then consider giving this a read too.
https://ww.wp.xz.cn/support/article/hardening-wordpress/
@jdembowski thanks for your reply. The quttera web scanner have found the below:
[ SNIP! ]
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Please do not post large code or responses like that here, it doesn’t work after ~10 lines or so.
If you need share that data please use https://pastebin.com/ instead and post the link to that paste.
That said, that showed that the site in question needs to be deloused. It’s not easy and does get a little technical but the link I provided will get you on the path to cleaning up that site.
@jdembowski
Data below: https://pastebin.com/embed_iframe/yMbYhkEM
I have read the links that you sent me, that is how i got that report, but have no idea what to do now.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
The first step is to preserve a back up of the site’s files and database.
https://ww.wp.xz.cn/support/article/wordpress-backups/
Don’t use a WordPress backup plugin. Installing any new plugins may cause more problems. Your host may be able to assist you. You need them to create a full mysql dump of the database and a zip file containing all of the site’s files. Show them this reply, they should be know what I mean by that.
Once you have those two backups (file and database) put that somewhere safe and off of your web server. Mark that as “Radioactive” because it is. The backup is your safety net. If you get in over your head then you can use that backup to restore to where you are now.
Yes, that will mean your site is still hacked but it’s still a good safety net.
Then get coffee, tea or water and scroll down to this part.
“Find and remove the hack.”
https://ww.wp.xz.cn/support/article/faq-my-site-was-hacked/
Give each of those links a read. They walk you through the delousing. Yes, they are mostly dated but the information is still good today. I particularly like this one.
https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/
But it does require patience. Somewhere in the files there are a back door. Deleting all of the plugins and themes (I am not kidding about taking a file backup) and installing new copies of WordPress, your plugins and your theme from ww.wp.xz.cn is a good start.
Hi @jdembowski
I followed your advise and after days and hours of work and trying to figure it out. I have cleaned the website with the help of quttera plugin. Unfortunately it is still finding one more suspicious file, it is the .htaccess file. I cannot find anything wrong with it though as the contents seem to be normal, code below:
https://pastebin.com/embed_iframe/tPZBFuzk
Also google ads are still stating that ads are disapproved and that there is malicious software in the site.
Any guidance please?
Much appreciated.
Regards,
Matthew
-
This reply was modified 6 years, 1 month ago by
dnmmalta.
Hello @dnmmalta
Can you please share the report entry for the detected .htaccess to investigate the detection reason?
Thank you
Thank you,
This is not a core WordPress file while it locates in wp-includes directory.
This is the reason why the scanner marked it as suspicious.
It is not malicious, you can whitelist it.
Best Regards
Michael
hi @quttera
Thanks a lot for your prompt reply. Sorry to ask you again but any idea why google ads console is still prompting that the website has malicious software. Anything else that I can do please?
Regards,
Matthew
The infection also could be hidden in the database used by WordPress.
Try to dump and investigate it for suspicious links or suspicious code snippets.
Best Regards
Michael
@quttera
I have never touched the database and or code, i just install plugins and do the necessary editing, nothing else 🙁
. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
