Tools to use to scan
- Imunify (scan for malware and attempt to cleanup)
- WP-Toolkit (scan for vulnerabilities and good practices)
- Anti-Malware Security and Brute-Force Firewall Gotmls plugin (scan for malware)
- Sucuri Security (scan for malware)
- Stream or WP Activity Log (to track changes)
Restore if necessary
Restore from backup, if necessary, and check if the backup is not infected!
First delete files and database!
Cleanup process
If all else fails here is a cleanup process:
- Take a backup
- For each of:
- /wp-admin/
- /wp-includes/
- /wp-content/plugins/*.*
- /wp-content/themes/*.*
- Delete the folder
- Replace with clean copy of the folder with the same software version (core, plugin, theme)
- Update everything to the latest version
- Check for vulnerabilities and malware
