Check for malicious code?

If you want to be certain your site is clean, you can either start with a fresh install of WordPress, all of your plugins and the theme.
An alternative would be to use the WP CLI verify-checksums to check your core and plugins for any modifications.

Perhaps the hardest one to clean is your database as malicious code could be hiding in any number of tables. Take a backup first before you do any sort of cleanup, and then you can start to look for common malicious code markers such as PHP eval, base64_decode, gzinflate, shell_exec etc. Take a look at this article for some further explanation on these.

The How to Clean a WordPress Hack article on the Securi.net website is also worth a read.

Related Posts:

  1. What’s the effect if this malware if infected your WP?
  2. Malware on site [closed]
  3. How to find the backdoor of the hack
  4. My wordpress site was hacked – is my htaccess file compromised?
  5. My WordPress Blog sends malicious traffic to other sites [closed]
  6. Hacked WordPress website, as notified by Google Search Console, what to do? [closed]
  7. How was my WP site hacked [closed]
  8. If a WP install is hacked, can it spread to other domains on a server?
  9. Find and Replace text in the entire table using a MySQL query
  10. Is it a good idea to rename the “index.php” in “wp-admin” folder to avoid being hacked?
  11. How to fight this wp-info.php exploit? [closed]
  12. Prevent Hacking of WordPress Site [closed]
  13. Suspicious URLs being loaded after hack and restore
  14. Server hacked: correct contents of wp-uploads directory? [closed]
  15. Site hacked with malware [closed]
  16. Copy wordpress website pages and content
  17. How do I know if my WP Theme is using infamous TimThumb?
  18. Spam pages hack? [closed]
  19. Why would a hacker add this code to each post, and how to do mass cleanup?
  20. Is the current spate of hacks related to the recent security fix?
  21. I have removed the malware from our website however, when I tried again to search the word from Google it is still there [closed]
  22. Have I been hacked? Mysterious code at the top of theme files [closed]
  23. Strange codes in my wordpress site and my website is running too slow [closed]
  24. Spam Content Serving from old cached version of site?
  25. How to solve wordpress redirection (no malware was found)?
  26. Help determining if the following are legitimate files
  27. My blog was hacked? WP posting random posts
  28. Have I been hacked – getting new site setup email for 8 localhost wordpress sites
  29. Site Hacked – WordPress Divi Site – Cannot find where to fix the issue? [closed]
  30. malware in wordpress installer on dreamhost. [closed]
  31. Where I can find a list of WordPress security risks?
  32. looking for indoxploit hack solution [closed]
  33. Why functions.php file automatically empty?
  34. Bruteforce attack from 127.0.0.1?
  35. WordPress installer attack
  36. Why wordpress is hitting another url
  37. Where do hackers usually run their hacking script? [closed]
  38. Malicious Code in Index.php WordPress [closed]
  39. WP Site Hacked, Serp Google Spam [closed]
  40. My site appears to be hacked [closed]
  41. WordPress Redirect Hack
  42. Strings of malicious code to look for after a hack
  43. Hacked/cloaked sitemap [closed]
  44. Verifying that I have fully removed a WordPress hack?
  45. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  46. Tips for finding SPAM links injected into the_content
  47. How Attackers write script into my php files?
  48. Is this a hacking script in function.php?
  49. What should I do about hacked server?
  50. Restrict access to xmlrpc.php
  51. Change WP-Login or WP-Admin
  52. hSite has no css on mobile [closed]
  53. How to mass delete one line from all posts after site hack
  54. Security issues with WP sites
  55. Invisible spam post in backend
  56. You appear to have already installed WordPress. To reinstall please clear your old database tables first
  57. Increased CPU load due to admin-ajax.php spam
  58. How to locate & delete hidden pages on a site
  59. sitemap contains weird links and does not contain my pages [closed]
  60. Malware script in database post table only? [closed]
  61. New user is assigned 2 roles: customer and superadmin
  62. How can I safely hide the fact that my website runs on WordPress? [closed]
  63. Hacked WordPress website /Homepage redirect [closed]
  64. WordPress Footer Missing After Website Hack
  65. My WordPress Websites are always under attack
  66. What is this code in my theme’s footer.php causing chmod permission warnings? [closed]
  67. Spam users registers even when registration is disabled
  68. What does this code do? (Injected code hacked)
  69. My WordPress website was hacked [closed]
  70. Hack-Proof OR Security in WordPress — is it real?
  71. How to find exploited wordpress plugin [closed]
  72. Some one is trying to hack my website, Need guidance [closed]
  73. Is wp-app.php or wp-apps.php needed for WordPress?
  74. Any known bugs that could cause disappearance of the wp_users table?
  75. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  76. On new server, site got hacked, permissions a bit strange? Please help
  77. Multiple attempted logins originating from the server IP itself?
  78. malware undetectable by multiple scans
  79. WordPress Hacked 5.5 admin-ajax.php [closed]
  80. Is there a simple way to set wordpress site files back to out of the box?
  81. Remove hacked code – out of ideas! [closed]
  82. Username was changed to “admin”
  83. Site blocked by WebSense on fresh WP Install
  84. Am receiving more than thousand mails in single day from ‘[email protected]’ continuously
  85. How to bulk delete a certain part of all wordpress posts
  86. WordPress Database Re-installed (Hacked)
  87. How to log into WordPress via GET/POST
  88. Verifying that I have fully removed a WordPress hack?
  89. Subpage is redirecting to spam site
  90. Open content directory help!
  91. Hacked site using transient API?
  92. After being hacked Fatal error: Call to undefined function get_header() in 404.php on line 1
  93. Could a user account with a stolen password compromised entire WP site?
  94. how to find the way they hacked my WP site
  95. How to remove content from hacked pages? [closed]
  96. How to stop repeated hack on header.php of custom theme? [closed]
  97. My WordPress site hacked with unwanted popups [closed]
  98. WordPress Hacks/Defacing [closed]
  99. Redirected You too Many Times and Homepage Not Loading
  100. WordPress website is redirecting on some different shopping page
tech