malware undetectable by multiple scans

There are many ways to infect a site – and many ways to hide that infection from the ‘popular’ security plugins.

One way to detect malicious code is via a file-hash-compare function. You may need to write your own though (I did, but it’s not perfect). That function would compare each file’s hash with a known good value in a database. You would previously have to hash an entire site – making sure it is clean, then run the hash-compare function against all files. Not an easy thing to do. (Even the one that I wrote doesn’t work perfectly. ANd you have to remember to run it…)

If you are already infected (as you are), manual intervention is advised. You need to change all credentials (FTP, hosting, database), remove all suspect files, all (from known good source, not just an update) WP core and themes and plugins, and more – then do it all again.

There may also be some malware hidden in the posts table. And fake ico files that contain code.

There are many googles/bings/ducks on how to clean a WP site. I have my own procedure (here https://www.securitydawg.com/recovering-from-a-hacked-wordpress-site/ ). It takes a bit of work and time, and monitoring afterwards.

Good luck.

Related Posts:

  1. How Attackers write script into my php files?
  2. Troll the hackers by redirecting them
  3. Decoded malware code [closed]
  4. esc_attr() right way and use
  5. Enforcing password complexity
  6. Does My Child-Theme Functions.php Need if{die} Security In It? [duplicate]
  7. Is this a hacking script in function.php?
  8. Renaming wp-content folder dynamically
  9. How do I create a WP user outside of WordPress and auto login?
  10. Security – Ajax and Nonce use [closed]
  11. Can I write ‘RewriteCond’ using ‘functions.php’?
  12. Is it unsafe to put php in the /wp-content/uploads directory?
  13. How to prevent bot or someone to modify any file automatically?
  14. Sanitize get_query_var() url parameters
  15. When must I use and verify nonce?
  16. Security issues with WP sites
  17. Hiding WordPress Plugin Source Code
  18. Is this code malidcous
  19. Admin username and password
  20. Evaluations of two wordpress security plans against php code injection attack
  21. WordPress custom login form using Ajax
  22. Detect session/cookie variable in wordpress to prevent access to documents
  23. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  24. SQL Injection blocked by firewall
  25. How to prevent XSS alter custom global javascript object & methods in WordPress
  26. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  27. How can I safely hide the fact that my website runs on WordPress? [closed]
  28. Hacked WordPress website /Homepage redirect [closed]
  29. Cannot execute php files in wp-content
  30. How do I get around “Sorry, this file type is not permitted for security reasons”?
  31. Security: blocking direct access of php files
  32. Correct and safe way to include php content in my page
  33. Password minimum length in personal subscription [closed]
  34. How to add API security keys into JS of wordpress securely
  35. Is it best to avoid using $wpdb for security issues?
  36. Hardening uploads folder in IIS breaks images
  37. Security updates to 3.3.2
  38. how to prevent wordpress admin from logging in via woocommerce my-account page
  39. Updating From Mobile App – Exposing Site to Hacking
  40. security concerns if using html data-* attribute for l10n?
  41. How to correctly escape an echo
  42. Reject all malicious URL requests functions.php
  43. portfolio site – about this site section – is it safe to post some code
  44. echo cutom css code to WordPress page template file ? is this safe?
  45. How to secure my php forms
  46. $.ajax results in 403 forbidden
  47. Site infected by link
  48. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  49. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  50. Retrieve $_POST data to send to javascript without using localize script
  51. Previewing/Updating some Pages causes “The requested URL was rejected” Error
  52. What is the best practice for restricting a section to logged in users?
  53. Trying to see if page is category or single and displaying title with appropriate heading tag
  54. How to stop repeated hack on header.php of custom theme? [closed]
  55. How to quickly/easily make an analysis (reverse engineering) of WordPress?
  56. what to do after instlling cyberpanel on VPS
  57. how to get page id of a page using page slug
  58. How to set and use global variables? Or why not to use them at all
  59. How to stop form resubmission on page refresh
  60. How to get the ID of an item in an audio playlist?
  61. Add footer.php to WordPress child theme
  62. Passing a shortcode attribute to a sub-function
  63. how to display active, upcoming and past event with featured listing with pagination
  64. JS completely stopped loading but Files are found
  65. Insert post without actions/hooks
  66. Restrict WordPress File Type Uploads by User Type
  67. How to pass arguments to add_action() or retrieve return value of called function?
  68. Get WordPress Category ID from a URL string
  69. How to remove the cufon script from Dzonia Lite theme [closed]
  70. Ajax request returns ‘Array’. How to output the actual results?
  71. subdirectory index.php is not working
  72. Form Security: nonce vs. jQuery
  73. Normal PHP array for exclude section of WordPress query?
  74. Buddypress update user avatar image via REST
  75. Accessing $post after PHP is executed
  76. How to Change CSS Colors from Custom Plugin Settings Page
  77. Simple php in wordpress widget [closed]
  78. Assistance with elseif [closed]
  79. Link to page with posts of specific type
  80. Order a WP_Query by meta value where the value is an array
  81. How to use functions [closed]
  82. Conditionally load class in the comment section of the post page
  83. Manually Remove and Change WordPress Page/Post Title
  84. Updated to PHP 8.0 and WordPress site not working
  85. Applying css in functions.php
  86. Add more user roles to a PHP logout redirect function [closed]
  87. WooCommerce – template_redirect if is_checkout AND order has been paid?
  88. Hot to edit WooCOmmerce dashboard?
  89. Open/closed function [closed]
  90. (Xdebug Profiler) Why are there two cachegrind files generated for one page?
  91. If Month=Particular month display content [closed]
  92. Name Input from widget displays Sidebar name instead of saved data
  93. What is this mark for “? function()” [closed]
  94. wordpress.org disallowing my plugin becuase of loading core files in cron cpanel file
  95. How to fix wordpress after update to php 8.1?
  96. How to translate the blog date in the Avada theme [closed]
  97. Can php warnings cause an Internal Server Error?
  98. How to create different templates for woocommerce single-product.php?
  99. How can I update a value of a field depending on outside source?
  100. Restricting access to a file for everyone except logged in users