Reply To: My WordPress site infected somehow. index.php always rewrited and have base64_d

May 28, 2024 at 12:44 pm #127461

Key Master

Thanks for sending me those screenshots. I could see that there was an actively running PHP process which was responsible for reinfecting that index.php file. It looks like your site is clean now that you killed that process and ran the Complete Scan again.

It would be good if you could tell where that infection came from since the rogue process was started by the root thread on your server and not triggered by a remote script on your website. If your whole server has been compromised then you may see this issue come up again in the future. You might want to consider moving your site to a more secure server to prevent this hack from coming back.

Testimonials

Hey, thanks a lot! Just donated and wish it could be more b/c your plugin has saved me headaches I've read about thus far. I will recommend to my editor/webmaster to use on pure.xahir.com We are active in the blogger community, publishing reviews and once got hit with weird stuff from all the increasing traffic. (Thanks also for the reminder email, it was great!)
-- Lisa

i use it for my website ... it worked very well thank you very much you saved me from a huge problem
-- berk sahin

Your plugin is simply amazing!

You should take a look at this.
It is spreading fast!
http://blog.sucuri.net/2015/03/pseudo-darkleech-server-root-infection.html
-- Bruno Accioly

Get Off Those Maliciously Loaded Scripts!
Download this free Anti-Malware Plugin for WordPress.