Hello salescart,
You can hire some professional developer, who can reset all websites by deleting complete code files. Some malwares are very weird, they got hidden through different ways i.e. by changing permissions, or some hidden files in wp core directories.
Check if any rogue process under your user’s ownership is still running. If it is, you should stop it. Verify core checksums and re install them if they do not match. Here are few recommendations so that it does not gets hacked.
- Restrict access to files and directories. Set the permissions for the wp-config file to 600, for other files to 644, and for directories to 755.
- Block directory browsing
- Block access to wp-config.php
- Disable PHP execution in cache directories
- Block access to sensitive files
- Forbid execution of PHP scripts in the wp-includes directory
- Forbid execution of PHP scripts in the wp-content/uploads directory
- Block access to .htaccess and .htpasswd
Ok, that is helpful. Basically I want to restore the website, turn publishing off and make the website “read-only”.
Shayan H.
Wordfence can scan every file for every extension and fix it…..and I’ve done that including adding a new vanilla update to WordPress and shutting permissions down and it made no difference. Hacked again.
Sometimes wordfence or any other plugin also missed files, i.e. some files with 0444 permission cannot be reached even by security plugin on your WHM or cPanel, for that you have to fixed permission first of all and then delete files or scan it by permission 0444 or any other which is not normal.
