Title: wordpress malicious software
Last modified: April 8, 2020

---

# wordpress malicious software

 *  [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/)
 * Hi,
 * I have a problem with one of my client’s sites. Basically when trying to do a
   google ad it is giving us an error that states that there is malicious software
   on the website.
 * I have checked the website with [https://quttera.com/scanwebsite#](https://quttera.com/scanwebsite#)
   and no errors have been found. I am stuck and have no idea what to do.
 * Occasionally when googling the domain on google it will result to an ad site,
   something completely different from the site itself. It never happened on my 
   computer, but happened several times on my client’s laptops and now they seem
   to have stopped on their own without me doing anything, but i am also worried
   that the problem will happen again in a week or so.
 * Please someone encountered these issues?
 * Regards,
    Matt
    -  This topic was modified 6 years, 1 month ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/).
      Reason: Moved to Fixing WordPress, this is not an Everything else WordPress
      topic
 * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fwordpress-malicious-software%2F%3Foutput_format%3Dmd&locale=en_US)
   to see the link]_

Viewing 12 replies - 1 through 12 (of 12 total)

 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12645141)
 * Moved to Fixing WordPress, this is not an Everything else WordPress topic.
 * Yes, this is a predefined reply but it’s good. That site needs to be deloused.
 * > Please remain calm and give this a good read.
   > [https://wordpress.org/support/article/faq-my-site-was-hacked/](https://wordpress.org/support/article/faq-my-site-was-hacked/)
   > When you have successfully deloused your site then consider giving this a read
   > too.
   > [https://wordpress.org/support/article/hardening-wordpress/](https://wordpress.org/support/article/hardening-wordpress/)
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12645279)
 * [@jdembowski](https://wordpress.org/support/users/jdembowski/) thanks for your
   reply. The quttera web scanner have found the below:
 * _[ SNIP! ]_
    -  This reply was modified 6 years, 1 month ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/).
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12645449)
 * Please do not post large code or responses like that here, it doesn’t work after
   ~10 lines or so.
 * If you need share that data please use [https://pastebin.com/](https://pastebin.com/)
   instead and post the link to that paste.
 * That said, that showed that the site in question needs to be deloused. It’s not
   easy and does get a little technical but the link I provided will get you on 
   the path to cleaning up that site.
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12645471)
 * [@jdembowski](https://wordpress.org/support/users/jdembowski/)
 * Data below: [https://pastebin.com/embed_iframe/yMbYhkEM](https://pastebin.com/embed_iframe/yMbYhkEM)
 * I have read the links that you sent me, that is how i got that report, but have
   no idea what to do now.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12645526)
 * The first step is to preserve a back up of the site’s files and database.
 * [https://wordpress.org/support/article/wordpress-backups/](https://wordpress.org/support/article/wordpress-backups/)
 * Don’t use a WordPress backup plugin. Installing any new plugins may cause more
   problems. Your host may be able to assist you. You need them to create a full
   mysql dump of the database and a zip file containing all of the site’s files.
   Show them this reply, they should be know what I mean by that.
 * Once you have those two backups (file and database) put that somewhere safe and
   off of your web server. Mark that as “Radioactive” because it is. The backup 
   is your safety net. If you get in over your head then you can use that backup
   to restore to where you are now.
 * Yes, that will mean your site is still hacked but it’s still a good safety net.
 * Then get coffee, tea or water and scroll down to this part.
 * “**Find and remove the hack.**”
 * [https://wordpress.org/support/article/faq-my-site-was-hacked/](https://wordpress.org/support/article/faq-my-site-was-hacked/)
 * Give each of those links a read. They walk you through the delousing. Yes, they
   are mostly dated but the information is still good today. I particularly like
   this one.
 * [https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/](https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/)
 * But it does require patience. Somewhere in the files there are a back door. Deleting
   all of the plugins and themes (I am not kidding about taking a file backup) and
   installing new copies of WordPress, your plugins and your theme from WordPress.
   ORG is a good start.
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12671831)
 * Hi [@jdembowski](https://wordpress.org/support/users/jdembowski/)
 * I followed your advise and after days and hours of work and trying to figure 
   it out. I have cleaned the website with the help of quttera plugin. Unfortunately
   it is still finding one more suspicious file, it is the .htaccess file. I cannot
   find anything wrong with it though as the contents seem to be normal, code below:
   
   [https://pastebin.com/embed_iframe/tPZBFuzk](https://pastebin.com/embed_iframe/tPZBFuzk)
 * Also google ads are still stating that ads are disapproved and that there is 
   malicious software in the site.
 * Any guidance please?
 * Much appreciated.
 * Regards,
    Matthew
    -  This reply was modified 6 years, 1 month ago by [dnmmalta](https://wordpress.org/support/users/dnmmalta/).
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12671949)
 * Hello [@dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * Can you please share the report entry for the detected .htaccess to investigate
   the detection reason?
 * Thank you
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12671974)
 * hi [@quttera](https://wordpress.org/support/users/quttera/)
 * Please find the link below:
    [https://pastebin.com/embed_iframe/HqVgd4Hu](https://pastebin.com/embed_iframe/HqVgd4Hu)
 * Thanks,
    Matthew
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12672731)
 * Thank you,
 * This is not a core WordPress file while it locates in wp-includes directory.
 * This is the reason why the scanner marked it as suspicious.
 * It is not malicious, you can whitelist it.
 * Best Regards
    Michael
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12672738)
 * hi [@quttera](https://wordpress.org/support/users/quttera/)
 * Thanks a lot for your prompt reply. Sorry to ask you again but any idea why google
   ads console is still prompting that the website has malicious software. Anything
   else that I can do please?
 * Regards,
    Matthew
 *  [quttera](https://wordpress.org/support/users/quttera/)
 * (@quttera)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12672771)
 * The infection also could be hidden in the database used by WordPress.
 * Try to dump and investigate it for suspicious links or suspicious code snippets.
 * Best Regards
    Michael
 *  Thread Starter [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * (@dnmmalta)
 * [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12672780)
 * [@quttera](https://wordpress.org/support/users/quttera/)
 * I have never touched the database and or code, i just install plugins and do 
   the necessary editing, nothing else 🙁

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘wordpress malicious software’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 12 replies
 * 3 participants
 * Last reply from: [dnmmalta](https://wordpress.org/support/users/dnmmalta/)
 * Last activity: [6 years, 1 month ago](https://wordpress.org/support/topic/wordpress-malicious-software/#post-12672780)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics