Reinfection of a WordPress site with malware is the last thing a site operator wants: it prolongs the time the site stays broken and can cause problems with clients.
Here we explain the five main factors that can cause reinfection.


Weak WordPress admin password

Weak passwords are one cause of reinfection. In a brute-force attack, the hacker tries commonly used passwords against the site's admin login screen tens of thousands of times; if one succeeds, the hacker gains admin rights and can install any program on the site.

We recommend changing the passwords on a hacked site to a meaningless string of at least 12 characters that mixes single-byte alphanumeric characters and symbols, with both uppercase and lowercase letters.

Older versions of WordPress core, themes, and plugins

The primary route of entry into WordPress sites is through unfixed vulnerabilities in older plugins.
Once a site has been infected with malware, deactivating and removing unnecessary plugins and themes and updating everything else to the latest version whenever possible are important steps in preventing reinfection.

Rogue users remain on the WordPress site

When a WordPress site is hacked, the hacker may have created an unauthorized administrator user.
In this case, even if the malware is removed, the hacker can log in with the previously created rogue administrator user and tamper with the site again.

Check the WordPress admin page > Users > User List to see if any users have been added that you are not familiar with.

Undiscovered Backdoors

A backdoor is a program that allows a hacker to upload and rewrite files on the server and launch a series of hacking attacks from the browser.

If even one of these embedded backdoors is missed when malware is removed, the site may be defaced again via the backdoor.

There may be multiple backdoors in a site, obfuscated and hidden deep in folders.
These malware programs can often only be detected by examining the entire site with a malware scanning tool.

Free WordPress:Malware Scanning & Security Plugin [Malware and Virus Detection and Removal].

Reinfection from other sites on the server

Many rental (shared hosting) servers allow sites for multiple domains to be installed and operated within a single root folder.

As long as the paths to those other sites' folders are known, PHP programs can reach any folder at any level and write or embed files there, so a backdoor in another site on the same server can cause reinfection.

If one site on the server has been tampered with and infected with malware, it is better to scan for and remove malware on all the other sites on the server as well, and to update their plugins and WordPress core.
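
The server-wide check described in the backdoor and cross-site sections above, as an added example (not part of the original article and not the plugin's code): it finds every WordPress install under one hosting root and flags PHP files in the uploads folder and decode-then-eval chains. The function names, the marker list and the extension list are assumptions made for illustration, and the sample tree is constructed.

```python
import os, re, tempfile

# Heuristic only (assumed marker list, not exhaustive): decode-then-eval chains
# typical of obfuscated PHP droppers. A real scanner uses far more signatures.
MARKERS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")

def find_wp_sites(server_root):
    """Every directory under server_root that holds a WordPress install."""
    return sorted(d for d, _, _ in os.walk(server_root)
                  if os.path.isfile(os.path.join(d, "wp-includes", "version.php")))

def scan_site(site):
    """Return sorted (relative_path, reason) findings for one install."""
    findings = []
    uploads = os.path.join("wp-content", "uploads") + os.sep
    for d, _, files in os.walk(site):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(d, name)
            rel = os.path.relpath(path, site)
            if rel.startswith(uploads):      # the media folder should hold no PHP
                findings.append((rel, "php-in-uploads"))
            with open(path, "rb") as fh:
                if MARKERS.search(fh.read()):
                    findings.append((rel, "decode-then-eval"))
    return sorted(findings)

def scan_server(server_root):
    """Scan every install on the server, not only the one known to be infected."""
    return {os.path.relpath(s, server_root): scan_site(s) for s in find_wp_sites(server_root)}

def build_demo_tree(root):
    """Constructed sample: two sites in one account; the encoded payload only echoes 1."""
    files = {
        "site-a/wp-includes/version.php": "<?php $wp_version = '0.0';",
        "site-a/wp-content/plugins/ok/ok.php": "<?php // clean",
        "site-b/wp-includes/version.php": "<?php $wp_version = '0.0';",
        "site-b/wp-content/uploads/2020/img.php": "<?php // stray file",
        "site-b/wp-content/themes/t/cache.php": '<?php eval(base64_decode("ZWNobyAxOw=="));',
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for site, hits in scan_server(tmp).items():
            print(site, hits or "no findings")
```

A finding is a lead for manual review, not proof of infection, and a clean result does not rule out a backdoor that uses other obfuscation.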
