I would like to explain why WordPress malware (tampering) spreads to all sites on the server.

On a shared server, it is unlikely that the server itself has been hacked.

If all (or many) of the sites on your server are infected with malware, you may wonder if the server itself has been hacked by hackers.
However, if a major shared server itself is hacked, it means that all users’ sites on it can be defaced, which is a serious situation. (It would probably be a case of a flawed server management company that would be reported as news.)

As far as we know, this has never happened on a shared server, and in most cases, the vulnerability of the WordPress site you have on your server was breached, and the infection spread from one site to the others.

Since the root folder of a shared server is shared by multiple sites, if one of those sites is infected with malware, the other sites may be at risk as well.

The figure below shows the folder structure of a shared server. You can see that the folders of multiple sites share a single root folder.

Malware is increasingly scanning this folder structure and writing malware to all sites sharing the root folder.
This means that even if no other sites are vulnerable, a single WordPress site can cause the infection to spread to all sites on the server.

If one site on your server becomes infected, we recommend that you perform malware scanning and security measures on all sites on your server.
The following are some of the free measures that can be taken

[Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

Five free WordPress security measures

Related Posts:

  1. What to do if you have multiple WordPress sites on your server and find that they are infected with malware
    If you have multiple WordPress sites on your server and find that they are infected with malware, here is what to do....
  2. Spread of malware infection to WordPress sites due to neglect of old Movable Type
    Malware infection is not only a WordPress problem, but is common to all CMS. (WordPress stands out because of its overwhelming popularity, but…) There are an increasing number of cases where old Movable Type is left unattended on a server and malware infection spreads to WordPress sites from there....
  3. What to do when multiple (or all) sites on a single server are infected with malware
    We are seeing an increasing number of cases of multiple WordPress sites on multiple domains within a single server, all or many of which are infected with malware (viruses and tampering)....
  4. Can WordPress malware infect the server itself (Apache)?
    We would like to explain from our experience whether WordPress malware can infect the server itself (Apache)....
  5. It is dangerous to get rid of WordPress malware infected sites one by one!
    If you have multiple WordPress sites on multiple domains under a single contract, and it is clear that several of them are infected with malware (tampered with), it may be dangerous to repair them one by one....
  6. If you have unused or abandoned WordPress sites on your server, we recommend that you delete them.
    If you have unused or abandoned WordPress sites on your server, we recommend that you delete them. We will explain the reasons for this and how to delete an abandoned site....