SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Evangelist's Avatar
    Join Date
    Apr 2002
    1 Post(s)
    0 Thread(s)

    Exclamation Malware detected on Wordpress blog - how to fix please?

    Our web host has said they have detected Malware on one of our WordPress blogs.

    We have updated the WordPress to the latest version, uploaded some WordPress security plugins, changed all passwords etc.

    Is there anything we can do to fix the malware issue please?

    Here are excerpts from the web host's email (changed folder name for security):

    "During a routine daily scan of this server we have identified file(s) within the account that appear to be compromised, based upon MD5 file hashes and HEX pattern matches of currently known exploits.

    List Of Exploited Files:
    {MD5}php.mailer.unclassed.7806 : /home/ukfiles/public_html/literaryblog/images.php => /usr/local/maldetect/quarantine/images.php.9977"

    Thank you very much. I appreciate your advice.
    Azam Marketing, Inc.
    Award-Winning Digital Marketing and Design Results Since 1997
    Click here to read acclaimed online marketing & design blog

  2. #2
    SitePoint Zealot 2ndmouse's Avatar
    Join Date
    Jan 2007
    West London
    0 Post(s)
    0 Thread(s)
    If the files they list are not ones that should be there, try deleting them and asking your web host to run another maldetect scan. If they are supposed to be there, then you'll have to replace the files with clean backup versions, or if backups don't exist, you'll have to sift through the code and remove any nasty stuff.

    If you don't already have it, try Wordfence security plugin. I find it very useful. search for the plugin.
    WangGuard is another one. Helpful with login form security.
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  3. #3
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Poole, UK
    103 Post(s)
    0 Thread(s)
    All run anti-virus and and anti-malware scans on any computer that you use to access the site via FTP
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  4. #4
    SitePoint Enthusiast
    Join Date
    Dec 2007
    0 Post(s)
    0 Thread(s)
    Actually, your hosting provider should be able to remove that content, you should just ask them to help you. It's common practice for any web hosting service.

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    19 Post(s)
    3 Thread(s)
    Aw, 2ndM has the correct answer (and is another maldet convert).

    There are other (older by now) threads that tell you how to secure your website. That includes taking it offline for maintenance, removing all but one FTP account and change to a VERY STRONG PASSWORD (, have your host make repeated maldet scans to ensure you pick-up all malware on your server (or simple DELETE everything and upload your "master set" of files - don't forget to cleanse your database, too!), run your own CRON at least daily to detect any file additions, changes or deletions and, if you're using "canned software," check daily for updates as script kiddies check hacker websites for exploits.


    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts