jackandy

Hello Peter,

thanks for your thorough reply and sorry for my late one. I was waiting for my host’s advice. Basically, after a week of waiting they are saying, they cannot guarantee that the backup they restored (, which was indeed a response to my WordPress being hacked and spam emails being sent from it,) was acutally 100% clean to begin with. It looked clean to them. They cannot help me any further and suggest I rebuild my website to really make sure it is clean. That I find unsatisfactory on their part and I think I am going to change my hosting service as soon as this issue is resolved…

That said, now you wouldn’t be malware experts if you couldn’t help me get rid of the malware and have it stay this way, I am sure. As I know my way around WordPress but not so much around the server side of it, I would like to use your services to help me like you offered. What info/data do you need from me to do this? Please get in touch with me: [email protected] or by phone +49 160 977 39 260 (I live in Germany).

I made a full backup and am changing all my passwords for all your suggested places as we speak. I also have multiple other (local) backups from WPvivid (which might be compromised as well because they were local on the server. There are several older backups on my hard drive as well if things really go bad.

The website host “commented the Wordfence plugin out” like so:

#<FilesMatch “.(PhP|php5|suspected|phtml|py|exe|php)$”>
# Order allow,deny
# Deny from all
#</FilesMatch>

so that I have access the Admin area again. That is all they did on the plugin, just so you know, that it has been “manipulated”.

Thanks a lot in advance!
Andreas.