Malware detected on Wordpress blog - how to fix please?

[Azam.net]

Our web host has said they have detected Malware on one of our WordPress blogs.


We have updated the WordPress to the latest version, uploaded some WordPress security plugins, changed all passwords etc.


Is there anything we can do to fix the malware issue please?


Here are excerpts from the web host's email (changed folder name for security):


"During a routine daily scan of this server we have identified file(s) within the account that appear to be compromised, based upon MD5 file hashes and HEX pattern matches of currently known exploits.

List Of Exploited Files:
=========================================================================
{MD5}php.mailer.unclassed.7806 : /home/ukfiles/public_html/literaryblog/images.php => /usr/local/maldetect/quarantine/images.php.9977"


Thank you very much. I appreciate your advice.

[2ndmouse]

If the files they list are not ones that should be there, try deleting them and asking your web host to run another maldetect scan. If they are supposed to be there, then you'll have to replace the files with clean backup versions, or if backups don't exist, you'll have to sift through the code and remove any nasty stuff.

If you don't already have it, try Wordfence security plugin. I find it very useful. search for the plugin.
WangGuard is another one. Helpful with login form security.

[SpacePhoenix]

All run anti-virus and and anti-malware scans on any computer that you use to access the site via FTP

[winagain]

Actually, your hosting provider should be able to remove that content, you should just ask them to help you. It's common practice for any web hosting service.

[dklynn]

Aw, 2ndM has the correct answer (and is another maldet convert).

There are other (older by now) threads that tell you how to secure your website. That includes taking it offline for maintenance, removing all but one FTP account and change to a VERY STRONG PASSWORD (strongpasswordgenerator.com), have your host make repeated maldet scans to ensure you pick-up all malware on your server (or simple DELETE everything and upload your "master set" of files - don't forget to cleanse your database, too!), run your own CRON at least daily to detect any file additions, changes or deletions and, if you're using "canned software," check daily for updates as script kiddies check hacker websites for exploits.

Regards,

DK