Fix an infected WordPress or FTP server

 

FTP



- Browse your folders, if you find new weird folder names of files, google them.
- Use a virtual machine, install a good Antivirus on it (NOD32 for example) and extract your FTP server on this virtual machine and analyze it.
- Check all the rights to files (Usually 644) and folders (Usually 755)
- Check and improve your .htaccess
 
 

Wordpress



- Upgrade Wordpress.
- Upgrade your themes (Uninstall the ones you're not using).
- Upgrade your plugins (Uninstall the ones you're not using).
- Install a antivirus/integrity plugin wordpress.
- Change your passwords.
- Install an additional identification plugin.
 
 

Logs



- Check if anyone is trying to brute-force your FTP server. You can ban IPs and range of IP. You can also more or less find the IP country with this website http://fr.geoipview.com/
- Check the web logs, particularly the POST request, check which files are receiving the requests. Check if these files already existed before
- You can block the IPs by asking your hosting company and also in your htaccess.