Greetings and thank you for your atention!
This morning a client called to announce me they tried to finalise an order paying by credit card, but nothing happened, reason being we do not offer to pay by credit card. I found some posts on the forum from two years ago and figured out my site has been infested with a credit card skimmer.
Studying multiple posts about the same problem, i found that in every case the malware code was found in form_checkout.php in Woocommerce files. My problem seems to be related to a plugin.
I found a plugin with a gibberish name in the WordPress plugin manager and deleted it. I then looked in the Cpanel file manager inside the plugin folder and found yet another gibberish plugin that did not show up in the manager. The folder in question is named [ deleted ] and it seems to be the one that makes the credit card fields show up at the checkout. I delete it and everything is ok until it appears again on it’s own.
These are the files contained within the folder and their content:
[ TOTALLY DELETED, NEVER POST THAT IN THESE FORUMS AGAIN. ]
There is another assets folder that contains some unviewable png files.
If anyone has any ideas on why the folder keeps reappearing and how to stop it i would be delighted. Thank you for your help!
