We will explain the precautions to take when multiple WordPress sites across the server have been infected (tampered with) by malware.
We recommend that you do not remove malware from sites on your server one by one.
Malware infection of all or multiple sites in a WordPress server may not be caused by a vulnerability in an individual site, but by a program (backdoor) that allows a vulnerability in one site to be breached and spread malware to the folders of other sites. This may be the cause of the problem.
Therefore, if you perform malware removal for each site on the server one by one, the infection may spread quickly to another site via another site’s folder.
We recommend that you perform malware removal and security measures even for sites that do not appear to be infected with malware.
Even sites with no malware symptoms may have only the aforementioned backdoor in place, and may in fact be the source of infection for all sites.
Therefore, if multiple sites on a server are infected, it is safer to perform malware removal and security measures for all sites on the server.
What to do if multiple WordPress sites across the server have been infected (tampered with) by malware
If multiple sites in a server have been infected with malware, it is better to remove malware from all sites at once (or adapt the removed sites) with as little time delay as possible to ensure malware removal.
Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
Reference Information on Security Measures
Five free WordPress security measures
To prevent WordPress hacking, security measures only related to login are not enough!
Alternatively, moving the disinfected site sequentially to another server account (a server account with a different contract that does not share the root folder) can also reduce the likelihood that the site will be reinfected via a backdoor on a different site.
