WordPress based websites are mostly targeted through vulnerable plugins, themes installed on a WP website. They tend to inject their malicious code in header.php or footer.php under /wp-content/themes/<theme_name> as it loads up with every page of your website. It’s a smart way to infect full website with just one file.
- Replace your website folder with clean copy of website.
- Perform a sucuri malware scan i.e. http://sitecheck.sucuri.net/scanner/ to check if you are already blacklisted
- Inspect your plugins or themes folder for malicious code
- Remove the malicious code from infected files
Once done, next step is to inspect your WP database.
WP Database Inspection
- Login to PHPMyAdmin
- Click on database_name in use ( ex. wordpress_database )
- Export your complete database in a .sql format and open it in a text editor
- Do a search for malicious code or any suspicious encoding
- Backup your website DAILY if possible.
- Keep your WP version up-to-date
- Have few of the security plugins installed for your WP website