This section explains how to deal with a situation where a server management company has changed the permissions to 000 due to a malware infection and the WordPress site can no longer be displayed.
It applies when your WordPress site can no longer be displayed and the server management company informs you that permissions have been changed to 000 because of malware.
Each server management company monitors its servers for malware and malicious activity. If there is a blatant malware infection and it is confirmed that a large number of unauthorized emails are being sent or the server is overloaded, the server management company may set the permissions to 000 for the malware-infected files.
Example of server management company notification
In the above server account of the customer, using mail sending software for servers (Sendmail), we have confirmed that a large number of emails are being sent to email addresses outside of Japan.
In response to this, our support team has conducted a security investigation, and we have confirmed that a security-critical bug (vulnerability) exists in the program used by the customer, and that it has been exploited by a third party.
The possibility of a third party exploiting this vulnerability is very high.
Therefore, we are sorry to inform you of the situation after the fact, but as an emergency measure, the following restrictions have been implemented.
Restrictions implemented by support
————————————————————
Regarding the malware file that was installed,
Change the permission to “000” and disable the function.
[List of malware files]
*Since there are many files, we will present them in the attached file [ ****.txt ].
————————————————————
If you are a victim of unauthorized access such as the one described here, in addition to the malicious files detected, other malicious files and backdoors (mechanisms that facilitate unauthorized access) may also be present.
In order to prevent damage from unauthorized access, please check the following information and take the necessary action.
Reasons why WordPress sites fail to display with permission 000
Permissions are the settings that control whether files can be read from and written to. Permission 000 is a setting that prevents files from being accessed or executed, so if important WordPress files (e.g. index.php and wp-config.php) are set to permission 000, the site will not be viewable and you will not be able to log in to the admin panel.
WordPress malware infections can be inspected and removed with plug-ins, but this is not possible if you are unable to log in to the admin panel.
What to do if your files have been set to permission 000
In this case, it may be possible to restore the display of the site by changing the file permissions back to readable (755, 555, etc.) using FTP software, but we strongly recommend that you do not change the permissions back before removing the malware, as this will also restore the execution of the malware.
It is important to download the files notified by the server administrator one by one using FTP software, remove the malware code, and then restore the permissions.
Malware code is often obfuscated, and it can often be identified to some extent by visual inspection.
Reference
What is the obfuscation process used in more than 90% of WordPress malware?
However, the malware detection capability of server management companies is often not that high, and there is a high possibility that malware exists in files other than those notified by the server management company.
Therefore, for a fundamental solution, we recommend that you consult a specialist for malware removal and security measures.
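The inspection step described above, as an added example that is not part of the original page: a Python script that scans a local copy of the site (downloaded over FTP) for common signs of obfuscated PHP and lists flagged files that are missing from the server management company's notification list. The indicator patterns, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic signs of obfuscated PHP (an assumed starter list, not exhaustive).
INDICATORS = {
    "eval_of_decoder": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long_encoded_string": re.compile(rb"[A-Za-z0-9+/=]{200,}"),
    "hex_escape_run": re.compile(rb"(?:\\x[0-9a-fA-F]{2}){8,}"),
}

def scan_file(path):
    """Return the sorted names of the indicators found in one file."""
    data = Path(path).read_bytes()
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))

def triage(root, notified):
    """Scan every .php file under root, a local copy of the site.
    notified holds relative paths from the host's list of files set to 000.
    Returns (hits, unlisted): hits maps path -> indicators, unlisted is the
    sorted list of flagged paths that the host did not report.
    """
    listed = {p.replace("\\", "/").lstrip("/") for p in notified}
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".php":
            found = scan_file(path)
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits, sorted(set(hits) - listed)

def demo():
    """Run the triage on three constructed files in a temporary directory."""
    samples = {  # constructed content; the encoded strings decode to harmless text
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';",
        "wp-content/uploads/cache.php":
            b'<?php eval(base64_decode("ZWNobyAnaGknOw==")); ?>',
        "wp-includes/class-x.php": b'<?php $k = "' + b"QUJD" * 60 + b'";',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return triage(root, notified=["wp-content/uploads/cache.php"])

if __name__ == "__main__":
    print(demo())
```

A hit is a lead for manual review, not a verdict: legitimate plugins sometimes embed long encoded strings, and a file with no hit is not proven clean.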