DateJanuary 10, 2020
How to remove WordPress malware keeps coming back
Here is some steps to get:
1. See if the malware have installed a plugin. Reinstall all the plugins.
2. Change the database password.
3. Get a fresh WordPress installation and move your theme and plugins into it.
4. Check to see if the theme has been infected. not only index.php but function.php, header.php, footer.php, wp-config.php etc..
5. install “wp-password-bcrypt” Reset all the passwords.
6. Disable xmlrpc.
7. remove any extra folders in your “public_html”.
8. check your .htaccess file. (Go to Settings > Permalinks and click Save Changes. This will restore your .htaccess file).
9. change the ftp login password.
10. check to see if you have any folder or files that shouldn’t be in your upload folder, wp-content > uploads.
11. check to see if you have any extra tables that shouldn’t be in your database.
12. Sucuri plugin has a future that shows recently modified files, maybe you find something there.