abletec

navcom376, if you can’t remember your password, click the ‘forgot password’ link, & you’ll be emailed a link wherein you can reset it.

I’m so glad we were able to make some progress. I think 1 of the areas of confusion is that many folks actually develop their sites on their computers, &/or test stuff, so that if things explode, they do so on your local box as opposed to your production site. Good thing! I think that’s what we thought you were trying to do.

Everyone has to start somewhere. We were all in your shoes once. I was 8 years ago. Newbie is a scary place to be. But when you admit you don’t know something, it’s the first step toward learning.

navcom376, yoursite.com/wp-admin is not an actual address. yoursite.com is a placeholder for your actual site address, which we don’t have. Is that clearer?

navcom376, I was actually asking if the database was created on your local machine.

Maybe you should consider
https://bitnami.com/stack/wordpress/installer
instead. It’s rather a 1-click install solution. I think it might be easier for you. Please note this is not an endorsement of any kind, either by ww.wp.xz.cn forum personnel or me personally. I actually use Xampp myself, but I started doing that long before Bitnami, & it’s what I’m used to. Old dogs, new tricks, etc. See if that doesn’t help, ok?

Hello, navcom376. You don’t tell us how you installed WordPress, ie, Xampp, Mamp, a virtual box, or what?

So w/o the needed info, I’m going to make some assumptions, & you know what you do when you do that. However, try typing:
http://localhost/wordpress
replacing wordpress w/whatever folder you installed it to.

Hello, edwardsmark. If your site is comptonpesltrainers.com, then you’re throwing a 500 internal server error, likely due to moving those files. You may wish to reexamine.

Hello, @edwardsmark, & welcome.

Truthfully, trying to find “infected files” is more futile than looking for a needle in the proverbial haystack. There are several reasons for this. It’s important to realize that when a criminal breaks into your site, the first thing they want to do is establish a “backdoor” by which they can maintain control of your site. That often means things like hidden shells, Secondly, the problem may well extend beyond your WordPress installation to configuration files & even your database. You haven’t told us what sort of hosting you’re running, but, I gather from what you’re asking that it’s at least a virtual server on which you have root access. So it really depends on whether or not the underlying operating system is compromised as well as your site. It also depends on whether or not the database is involved, as well as whether your uploaded files are free of malicious code. If the backdoors aren’t eliminated, your site will continue to be compromise, you’ll clean it up, & it’ll just get reinfected all over again. Some favorite places include .htaccess, functions.php, & files of outdated software. However, as I stated, in your case, all operating system files should be suspect till proven otherwise.

The safest thing you can do is back up your database & user-generated content, ie, uploads, purchased 3rd-party software, configuration files you’ve modified, etc, reprovision the server, reinstall WordPress, & replace user-generated content & purchased 3rd-party software w/known good copies. You should also examine your database for suspicious content, ie, scripts, & especially be alert for words like:
* base64;
* eval;
* preg_replace;
* strrev.

These words are not proof positive that a compromise exists, nor is this by any means an exhaustive list, but it is a good starting point. Files containing these may also be suspect, but bear in mind that sometimes images use base-64 encoding, & some plugin authors use eval, though it’s not really considered to be best practice, from what I’m given to understand.

You may wish also to refer to your firewall logs to see if you notice any suspicious outbound traffic. Also, be aware that if you’re doing any advertising that is not under your specific control, ie, it’s generated via a 3rd party, then that may be where the problem is arising & not from your site per se.

I would suggest joining Google Search Console (www.google.com/webmastertools), & see if perhaps they’re flagging anything. Look both to the ‘Security Issues’ tab & to the ‘Search Traffic > Manual tab to see if they’re noting anything suspicious. That may provide insight into the url’s being used by the malware, if nothing else.

Good luck w/this. I know it’s frustrating. Hopefully something here has helped.

Hi, Christina. Accessing files is done either via your hosting provider’s control panel under ‘File Manager’ or similar, or an FTP client like Filezilla. Your hosting provider’s file manager is “in the account where you can see your domain & everything looks fine”, as you phrase it.

The file that Steve asked you to access is called wp-config.php. You’ll see a line there that says, in part, WP_DEBUG, ‘false’ He wants you to change that ‘false’ to ‘true’.

The .htaccess file is a hidden file, so you’ll want to ensure that the option to view hidden files is enabled. Because each hosting provider differs, I unfortunately can’t be more specific than that.