I’ve got 5 wordpress sites on the same host, and they’ve all been compromised with malware. I’ve done everything I can think of but my virus scans are still turning up new malware every day. Here’s what I’ve done:
Changed to strong passwords for WP login and Cpanel
Installed iThemes Security plugin, (turning on settings like Brute Force login, Protect System Files, Disable Directory Browsing, Filter Request Methods, Filter Suspicious Query Strings in the URL, Filter Non-English Characters, Filter Long URL Strings, Remove File Writing Permissions, Disable PHP in Uploads, plugins & themes, Remove the Windows Live Writer header, Remove the RSD header, Disable File Editor, Disable XML-RPC
Set directory permissions to iThemes’ suggestions. Later, somehow my root directory permissions changed from 755 to 750 on their own. Not sure if this is relevant, since that’s less permissions?
Installed Anti-Malware from GOTMLS plugin and turned on all protection settings
Scanned using the GOTMLS plugin, and discovered 60+ malware files, many of which my hosting service didn’t discover.
Removed all malware files
Changed WP login and Cpanel passwords again
So I’m no longer getting boatloads of malware files, but I am getting several backdoor scripts with names like “w43875196n.php” uploaded every day.
Not sure what to do at this point. Any ideas?