Hi,
I have a Grow Big plan (Siteground) with 4 wordpress.
Everyday my sites are hacked in this mode:
1) someone changes wp-config.php, index.php or wp-settings.php with dangerous code (es: @include …. ) and then these files has 755 permission
2) in wordpress subdirectories I find strange php file (es: aoisdja.php) or favicon_*****.ico files with dangerous code.
3) sometimes Siteground blocks one of these 4 wordpress because a spam code generates a lot of emails.
Meantime I try to:
1) clean wordpress db
2) clean wordpress dirs
3) reset passwords
4) install wordfence scan & wordfence firewall
5) remove strange users
6) update all plugins and wordpress core
7) reset file and dirs permissions
8) update wordpress keys
9) replace wp-admin and wp-include with last wordpress version
10) change ftp password, msyql password, email password
but these sites are already hacked.
How can I resolve this ugly situation?
thanks
