wp-salt.php and wp-cli.yml File present in public_html folder

These are safe.

Normally the contents of wp-salt.php is in the wp-config.php. The reason you site became inaccessible is due to the change in wp-config.php to include wp-salt.php. I.e. include(‘wp-salt.php’);

You can delete wp-salt.php, but be sure to copy the defines into the wp-config.php were the “include(‘wp-salt.php’);” line is and remove the “include(‘wp-salt.php’);” line.

The wp-cli.yml file is part of WP-Cli. I suspect is was created when you ran “wp core verify-checksums”. To be sure, you should read the contents.

Related Posts:

  1. Verifying that I have fully removed a WordPress hack?
  2. If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
  3. Tips for finding SPAM links injected into the_content
  4. What should I do about hacked server?
  5. How can I find security hole in my wordpress site?
  6. How to prevent bot or someone to modify any file automatically?
  7. wp-config.php modified?
  8. Suspicious Files
  9. How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
  10. Malware script in database post table only? [closed]
  11. Verifying that I have fully removed a WordPress hack?
  12. How can I safely hide the fact that my website runs on WordPress? [closed]
  13. My WordPress Websites are always under attack
  14. How to find exploited wordpress plugin [closed]
  15. Any known bugs that could cause disappearance of the wp_users table?
  16. On new server, site got hacked, permissions a bit strange? Please help
  17. Replace domain in database
  18. Remove hacked code – out of ideas! [closed]
  19. WordPress Database Re-installed (Hacked)
  20. Verifying that I have fully removed a WordPress hack?
  21. Could a user account with a stolen password compromised entire WP site?
  22. how to find the way they hacked my WP site
  23. How to stop repeated hack on header.php of custom theme? [closed]
  24. Is my WP site being hacked?
  25. Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
  26. WordPress Hacks/Defacing [closed]
  27. what is a auth_user_file.txt?
  28. How to view PHP on live site
  29. Is moving wp-config outside the web root really beneficial?
  30. Hide the fact a site is using WordPress?
  31. Best way to eliminate xmlrpc.php?
  32. Are Nonces Useless?
  33. What is the difference between esc_html filter vs attribute_escape filter?
  34. Which KSES should be used and when?
  35. How do WordPress Nonces Work?
  36. Disable comment windows for all existing posts (pages/blogposts)
  37. How Attackers write script into my php files?
  38. Generate WordPress salt
  39. Stop wordpress automatically escaping $_POST data
  40. how can i embed wordpress backend in iframe
  41. Handling nonces for actions from guests to logged-in users
  42. Can I force a password change?
  43. How brute-forcer knows that the password is cracked for target username?
  44. What is pclzip.lib.php file that wordfence think it’s a malicious code
  45. Can someone (Support of my themeprovider) get access to my server If I send them my admin login?
  46. How to disable XML-RPC from Linux command-line in a total way?
  47. How to remove javascript malware in wordpress site [closed]
  48. Securing my WordPress Files and Directories
  49. Single sign-on: wp_authenticate_user vs wp_authenticate
  50. How to allow internal links using wp_kses filtration
  51. hSite has no css on mobile [closed]
  52. How does Cross Site Scripting (XSS) work exactly? [closed]
  53. Relative security of different releases of WordPress
  54. How does the “authentication unique keys and salts” feature work?
  55. vs WordPress Security
  56. esc_html__ security : what for in this example?
  57. Using HTACCESS for Secret Access
  58. wp-config.php being written by attacker
  59. XML-RPC errors they know my username?
  60. Is [admin / admin] acceptable for all local websites?
  61. Simple Online Payment for Event Registration [closed]
  62. What may be causing failure of auto-install features in WordPress (v3.0.3)?
  63. Client side HTTP parameter pollution (reflected)
  64. Local file inclusion critical security issue [closed]
  65. Best practices to assert current_user_can() with guests
  66. wordpress website host price and security [closed]
  67. XMLRPC slow and weird websites/services
  68. Is it safe to hand over the admin rights?
  69. how much information can we hide when using wordpress cms?
  70. How I can open back door for myself?
  71. System setting changed by system user
  72. How can I force a specific password?
  73. malware undetectable by multiple scans
  74. Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
  75. Who updates the wp-admin/core file?
  76. How WordPress sanitizes post content on save? Or it doesn’t?
  77. Does this code indicate an exploit?
  78. Checking for origin of a xmlrpc request
  79. Has anyone developed a anti-spam plugin to simply allow users to BLOCK whatever they wish to, but one that will also go easy on IP addresses?
  80. User generated content and security
  81. HSTS header not being added correctly
  82. how to protect wordpress content from crawler
  83. Securing WordPress running on Azure platform
  84. Can WordPress admin user + database credentials be used to gain Cpanel or FTP access?
  85. Should I worry about SQL injection when using REST API?
  86. Spam Registrations
  87. Links to root domain from search engines don’t work, but direct links and links from other referrers do
  88. How can I backup my site if it gets hacked?
  89. How can I have more confidence that WP plugins aren’t getting and storing user data?
  90. Secure Multiple WordPress Installations on shared hosting
  91. Any way to disable /wp-login.php redirecting to the site folder?
  92. Able to go to WordPress admin even after deleting auth cookies from request headers
  93. Is WordPress ready for GDPR compliance? [closed]
  94. suspicious boolean.php file in wp web root [closed]
  95. Bank account number and Sort Code in a form [closed]
  96. WP-JSON: Cross Origin Resource Sharing Vulnerability?
  97. Why should I firewall servers?
  98. Does drilling a hole into a hard drive suffice to make its data unrecoverable?
  99. Fix CVE-2017-5487 vulnerability
  100. Content Security Policy blocking images from installed plugins’ popup info window, as they are from external domains – global fix?