I've been struggling with my websites due a to a malware in my wordpress installation that every time I remove it.
It changes wp-setting, wp-config and index and adds the following code:
It creates a .ico file randomly in some directory that contains a huge-script.
I've tried changing the permissions, erasing this file, removing the script but it only pops again.
The sucuri plugin doesn't detect it. The wordfence plugin does.
I've even installed the wordpress security on the domain and it keeps poping.
Does anyone has a clue about this?
Thanks in advance
Solved! Go to Solution.
When I've had sites like this
1) I typically setup a brand new clean wordpress install
2) I manually re-install the plugins / theme (making sure I have the most up to date versions
3) I then copy the content manually between sites
If you are on a cPanel (a.k.a. shared) server and especially if you have multiple websites on the server, you may want to set up a folder for this outside of public HTML folder just to make sure it isn't another site in the folder causing the issue
I would then make sure that the wp-includes / wp-admin folders are locked down from a permissions perspective
Unfortunately this is one of the best ways to make sure you really clear out all the bad files / infected files
Once your issue is resolved,
please be sure to come back and click accept for the solution
I have figured this out and how to fix it. Look for a php decoder online drop this code from your config file in the encoder it will unencrypt it and tell you where the virus file is located. deleted it and the code in the config file that looks like the one below and problem solved.