Taking advantage of the convenience of being able to operate multiple domain sites under a single server contract, malware today often analyzes the server folder structure and spreads infection from one site to the folders of other sites (domains).


Malware spreading to folders between sites

This type of malware spreads by infecting one site on a server, copying confidence and setting up backdoors even if there are no vulnerabilities in WordPress folders on other domains.

If left unchecked, the malware can infect all sites on the server, making it impossible to log in to many sites on the server, forcing users to redirect to other malicious sites, or downloading malicious software. This is very dangerous.

How to prevent site-to-site malware infection? If you are not yet infected with malware

To prevent such malware infection from occurring, it is important that basic security measures are essential at all sites on the server.
(Please do not create a neglected site.)
Basic security measures include the following

Remove unused themes and plug-ins.
Update WordPress and plug-ins every few months to prevent hackers from taking advantage of vulnerabilities.
Strong administrator login passwords.

Reference
Five free WordPress security measures

How to prevent site-to-site malware infection? If you have multiple sites on your server and one or more of them is infected with malware

If you have multiple sites on your server and one or more of them are infected with malware, you need to consider the possibility that the malware is spreading beyond the site-to-site folders.

We will inspect and remove malware from malware-infected sites.
Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].

We will update the WordPress and plug-ins of the infected site and take the aforementioned basic security measures.

Suspect other sites on the server to be infected as well.

We also need to suspect the presence of malware or backdoors on sites other than the obviously malware-infected site.

We recommend that all sites on the server be scanned for malware and that the basic security measures described above be followed.

If it is clear that more than one site on the server is infected, we strongly recommend that all sites on a server within a single server contract be “scanned for malware and have basic security measures in place”.

In addition, removing unnecessary sites or moving only the important sites to a different server contract after cleanup will help reduce the spread of malware from one server to another.

Reference
Removing WordPress malware-infected sites one by one is dangerous!

At WordPress Doctor, our experienced professionals will do all of the above work on your behalf to prevent re-infection.
Please feel free to send us your inquiries.