Hi @woodslabs ,
My client encountered a similar issue and after investigating, this malicious code creates an administrator account called ‘wordpresslicensed’ and adds a plugin “core-handler”. However, the malware hides this administrator account and the plugin in the dashboard. I recommend to use ftp to remove “core-handler” in the plugins directory, and then delete the administrator ‘wordpresslicensed’ from the database or users.
-
This reply was modified 1 year, 1 month ago by Hongtao Ding.
