I keep cleaning .class-wp-cache.php but the system keeps on detecting again and again. It’s getting reinfected again and the wp-load.php file is infected as well. how to resolve this?
You need to fix whatever vulnerability has been allowing this exploit. If it’s a crossover attack from another infected site on the same shared hosting server then you should probably move you site to more secure host.
Change all your passwords. Look for any rogue admin accounts in your users. Check the access_log files on your server to see what activity there was at the exact time of the last infection.
Only one site has this issue. There are other 3 which are perfectly fine and also using your plugin. Only one website is having this issue. Can you please check? I can share the credentials with you and you can check what’s the issue as only this website have these files.
If you want to email me directly with an admin login then I can take a look but the key to finding the source of this issue is in the access_log files. Without the the info from the access_log files it’s like hunting blind. If you want me to look at it for you then please also send me the latest access_log file for this site (ask your hosting provider where to find that file if you are not sure).
