There are two types of malware infecting WordPress, one made of javascript and the other made of php.

What is javascript and PHP?

Javascript is a scripting language included in WordPress themes and plugs that is executed in the browser only when a user accesses the site.
Malicious javascript scripts that run in the browser cannot rewrite files by themselves and can move users from the browser to another site without their permission, or force them to enter login information that displays an incorrect screen for a fake user, etc. User.

php is the programming language in which wordpress is created and has very much greater privileges than JavaScript.

This means that php malware is the main cause of the creation and output of the aforementioned malicious javascript programs.

Danger level of malware

php malware > javascript malware (malicious scripts)

Removal of javascript and php malware

Since php malware is the cause of the aforementioned malicious javascript output, it is first necessary to remove the php malware.

However, WordPress generally has thousands of legitimate php programs, and it is extremely difficult to find php tampering and malware among them.

In this case, the easiest way to get rid of malware is to get professional help or use a plugin that will mechanically inspect for malware.

Free] WordPress: Malware Scan & Security Plugin [Malware and Virus Detection and Removal

Get rid of javascript malware that plugs vulnerabilities in your site

Eliminates php malware and then also eliminates javascript malware that is being generated.

However, if the vulnerability of the site that allowed the hacker to enter in the first place is not plugged, the site will be reinfected from that vulnerability.

Make your wordpress admin password strong.

Inspect and remove the fraudulently generated WordPress administrator.

Update old plugins and other vulnerabilities that have not been updated for more than a few years of updates.

Malware may have spread from other sites on the server, so if there are other sites on the server, perform malware inspection and removal updates for them as well.

Reference
Five free WordPress security measures

Related Posts:

  1. 10 files in which malformed JAVASCRIPT code is embedded when WordPress is tampered with.
    This section describes a file in which redirect hack code is often embedded, which causes a WordPress-created site to jump to another site when accessed (redirect)....
  2. Can WordPress malware infect database data?
    We will explain how an infection (tampering) with the WordPress database can cause the files on the site (server) to be tampered with....
  3. Can WordPress malware infect the server itself (Apache)?
    We would like to explain from our experience whether WordPress malware can infect the server itself (Apache)....
  4. 5 characteristics of malware files that infect WordPress
    Here are some characteristics of malware files that can infect WordPress. If such a file is found on the server, it is most likely malware....
  5. Can the WordPress database be tampered with or infected by malware?
    Most WordPress malware and tampering is done to program files, and only rarely is the database tampered with. However, when a database tampering vulnerability is found in a very popular plugin, database tampering (known as SQL injection) hacking can become an epidemic....
  6. A case of malware embedding where WordPress sends you to another site without your permission for robot verification.
    There has been a recent increase in cases of redirect hacks where WordPress sites are redirected to another site for robot verification without permission. Here are some examples of this malware embedding and how to deal with it....