How to Fix Malware in WordPress
Or: troubleshooting a problem that many WordPress users may experience. A little story: some time ago I installed a free plugin to set website user roles. I received a notification from a Google AdWords ad that I ran on the website, which said that the website had malware. I checked for malware with sitecheck.sucuri.net, and there were suspicious scripts like:
And the second find:
This can cause a bit of panic, because the malware-checking website does not show which file the code is in; it only displays the script code.
A little Googling turned up quite a lot of articles about this malware, but most of the solutions I found were to update plugins and themes. This method is recommended, because the latest plugin and theme updates protect against attacks on weaknesses in previous versions. I followed this method too, hoping to get rid of the malware on the website. Then I checked for the malware again, and the result was that this malware could not be removed that way.
Then I used the File Manager on my hosting to look at all the files, filtering the list in wp-includes by recent / newly edited files. I found some quite suspicious files, namely wp-tmp.php, wp-feed.php, and wp-vcd.php. The three files are very suspicious because they seem to have been edited on their own. I deleted the three files and then re-scanned for the malware. The result was very disappointing, because the malware was still on the website. I then searched for information about wp-tmp.php, wp-feed.php, and wp-vcd.php and came to the conclusion that these three files will always exist and cannot be deleted. I also checked the File Manager again by opening wp-includes, and sure enough, I found the three files that I had previously deleted.
I opened the function.php file found in wp-themes and found some surprising code:
This code is quite long. At the end of the code:
The conclusion and solution for this malware: remove the code shown above, from its beginning to its end (it is quite long), from the function.php file in your wp-theme/namatheme (where namatheme is your theme's name). As the next step, you can delete wp-tmp.php, wp-feed.php, and wp-vcd.php in wp-includes. Hopefully this method works. To make sure the malware is gone, you can run a malware scan on sitecheck.sucuri.net. If you ran into this problem while advertising on Google AdWords, you can contact Google via Facebook or the Google AdWords website to have the malware detected on your website re-checked.
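The manual checks above (the three files in wp-includes, the recently edited filter, and the theme's function file) can be run in one read-only pass. This is an added example, not code from the original post; the function name `scan_wordpress`, the 7-day window, and the assumption that the injected code mentions the three file names by name are not from the article.

```python
import time
from pathlib import Path

# The three file names the article reports finding in wp-includes.
DROPPED = ("wp-tmp.php", "wp-feed.php", "wp-vcd.php")
# "function.php" is the article's spelling; WordPress themes ship functions.php.
FUNCTION_FILES = ("function.php", "functions.php")


def scan_wordpress(root, days=7, now=None):
    """Read-only check of a WordPress tree; returns a dict of findings."""
    root = Path(root)
    cutoff = (time.time() if now is None else now) - days * 86400
    includes = root / "wp-includes"
    found = {"dropped": [], "recent": [], "function_refs": []}

    # 1. Are any of the three named files present in wp-includes?
    found["dropped"] = [n for n in DROPPED if (includes / n).is_file()]

    # 2. Equivalent of the File Manager "recently edited" filter.
    if includes.is_dir():
        for path in sorted(includes.rglob("*.php")):
            if path.stat().st_mtime >= cutoff:
                found["recent"].append(path.relative_to(root).as_posix())

    # 3. Function files that mention one of the three names.
    #    Assumption (not shown in the article): the injected code
    #    refers to the files by name.
    for path in sorted(root.rglob("*.php")):
        if path.name in FUNCTION_FILES:
            text = path.read_text(errors="ignore")
            hits = [n for n in DROPPED if n in text]
            if hits:
                rel = path.relative_to(root).as_posix()
                found["function_refs"].append((rel, hits))
    return found


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for key, items in scan_wordpress(target).items():
        print(key, items)
```

Modification times can be reset by whoever wrote the files, so an empty `recent` list does not show that the tree is clean. Any file listed under `function_refs` is where the long block described above should be looked for before the three files are deleted.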