Wordpress site infected with Malware.


Sajesh Mohan

  • 3 weeks later...

I've actually been dealing with a few clients of mine who have recently had their WordPress sites injected with malware.

I dealt with 3 different websites.

Two of them were very similar. A plugin and file in the wp_uploads folder allowed for easy code injection. Code was injected into a few index.php files.

I manually removed the code, double and triple checked every single file for any sort of possible issue. I searched for the keywords eval, base64, and <script, all keywords that aren't heavily used throughout WordPress but are quite common to website injections.

After finding nothing, I went into the WordPress admin panel and made sure there were no 'ghost' users, as some malicious bots will set themselves up as administrator so as to easily reinfect your website. I updated WordPress and every single plugin. I changed the WordPress password.

Because these types of viruses can also infect websites through a user accessing the website's admin panel, FTP, etc., I told my clients to scan for viruses and malware on any and all computers which they may use to access these backend interfaces.

The third one was a lot worse. Every single PHP file was infected. I backed up what I could - including uploaded images (making sure there were no PHP files and no malicious files in the folders), and the database. I took note of all the installed themes and plugins, and then proceeded to delete every single file on their FTP. It was that badly infected.

I cleanly installed WordPress. This entire process was made easier because she had been using the latest version of WordPress. I restored her database, changed her WordPress admin password, as well as FTP password, and told her to completely scan all her computers, as I did my previous clients. I made sure I installed the latest version of all the plugins that she was using, and I also restored her themes.

The malware has not returned.
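
The keyword search and the "no PHP files among the uploads" check described in the post above, as an added example that is not part of the original post. The wp-content/uploads path is assumed to be the default WordPress uploads location, the function names are hypothetical, and the sample files are constructed, harmless stand-ins. Hits are leads for manual review, not verdicts.

```python
import os
import re
import tempfile

# Keywords named in the post: uncommon in stock WordPress, common in injections.
KEYWORDS = [(kw, re.compile(rx, re.I)) for kw, rx in
            (("eval", rb"\beval\s*\("), ("base64", rb"base64"), ("<script", rb"<script"))]
PHP_EXTS = (".php", ".phtml", ".php5", ".phar")
UPLOADS = "wp-content/uploads/"  # assumption: default WordPress uploads path


def scan_tree(root):
    """Return sorted (relative path, line, reason) leads for manual review."""
    leads = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(UPLOADS):
                leads.add((rel, 0, "php-in-uploads"))  # uploads should hold media only
            with open(full, "rb") as fh:  # bytes: injected files may not be valid UTF-8
                for lineno, line in enumerate(fh, 1):
                    leads.update((rel, lineno, kw) for kw, rx in KEYWORDS if rx.search(line))
    return sorted(leads)


def build_sample(root):
    """Write a small constructed site tree (harmless stand-ins, not real malware)."""
    files = {
        "index.php": b"<?php\neval(base64_decode('ZWNobyAxOw=='));\nrequire 'wp-blog-header.php';\n",
        "wp-blog-header.php": b"<?php\n// clean file\n",
        "wp-content/uploads/photo.jpg": b"\xff\xd8\xff\xe0 image bytes, never scanned",
        "wp-content/uploads/cache.php": b"<?php\n// stand-in for a dropped file\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, lineno, reason in scan_tree(tmp):
            print(f"{rel}:{lineno}: {reason}")
```

Point `scan_tree` at a local copy of the site rather than the live server, so the review does not depend on a host that may still be compromised.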

This topic is now archived and is closed to further replies.
