How to Get Rid of Spam and Malware in PHP Links

My Wordpress site is hosted by FatCow which uses Sitelock to run periodic scans on all websites. They came back with a report stating that I have 33 possibly infected files with possible malware and the report I printed shows examples such as

/wp-content/themes/twentyfourteen/functions.php: LONGDEF.PHP.Spam-Links-009N.UNOFFICIAL FOUND

I have no idea where to go to fix these links. Where do I go and what do I do?

You need to clean up all the files that are listed in the report.

The best thing is to do a complete update of your WordPress site. It could be that you haven’t updated the WordPress core and plugins in a while and that is why your site was vulnerable. If you are not sure what to do, it might be best if you get someone who is experienced with this to do the updates.

If you want to do it yourself, make sure you make a backup of your site files and your database first.

If you want to do the update yourself and would like help, let us know.

You should also make sure all your usernames / passwords (to the hosting and the site dashboard) are changed to new secure ones.

By the way, what theme is your site using?


I just did an update on the site and plugins. Will that get rid of any malware?

I am using Theses 1.3

I am a starving artist so I don’t have the funds to hire someone to do this.

I will have to do the updates myself.

What is the best way to back up files?

If you are not using any other themes, such as twentyfourteen, you should delete them from you folder. The example you gave indicates that one of the infected files is in that theme.

You probably should do an update by completely replacing all the files except your wp-config.php file, .htaccess file and your wp-content folder (after you delete any un-needed themes), not the automatic updates. You want to make sure you have deleted all the infected files.

If you have FTP access or CPanel access on your hosting account, just download your site files to a folder on your desktop. Then you should probably save this folder somewhere safe (not on your computer just in case your computer dies).

Check the infected file report to see if any of the files in your wp-content folder are infected.

1 Like

There is a plugin called backWPup that you can install into WordPress itself that can run full backups for you automatically.

Great. I’ll get on it.

Ok. I will do that. Thanks so much for the help.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.