A growing number of WordPress sites are being infected by malware that plants an index.php file in every folder. This article explains that malware.
Malware that infects index.php in any folder
This malware places an index.php file containing malicious code in every folder of the WordPress core files.
Typical folders are as follows:
/wp-admin/css/colors/midnight/midnight/
/wp-admin/css/css/
/wp-includes/js/swfupload/swfupload/
/wp-includes/sodium_compat/src/Core32/Poly1305/Poly1305/
These folders sit very deep in the directory hierarchy, so it is difficult to inspect all of them by eye. And because these folders contain no index.php file in a clean installation, an update has nothing to overwrite there, so the planted files do not disappear even after an update.
The malware code contains a large number of garbled comments (text that is never executed), as shown in the figure below. These comments obfuscate the file to avoid malware detection.
How to deal with malware that infects index.php in any folder
It would take a lot of effort to examine and remove this malware from every single folder.
The easiest way to scan for and remove malware is to use a malware scanning plugin that comprehensively scans all folders and files on the entire site.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
Another effective method is to download the same version of the WordPress core files from the official website and replace them entirely.
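Before replacing the core files, it helps to list exactly which files the official package does not contain. The following is an added example, not code from the original article: it compares the `wp-admin` and `wp-includes` folders of a site against a clean copy of the same WordPress version that you have already downloaded and extracted. The function names and the sample trees in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # core folders named in the article


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _index(root):
    """Map relative path -> sha256 for every file under the core folders."""
    found = {}
    for core in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, core)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                found[rel] = _sha256(full)
    return found


def audit_core(site_root, clean_root):
    """Return (added, modified): files absent from, or different to, the clean copy."""
    site, clean = _index(site_root), _index(clean_root)
    added = sorted(p for p in site if p not in clean)
    modified = sorted(p for p in site if p in clean and site[p] != clean[p])
    return added, modified


def demo():
    # Constructed sample trees standing in for a live site and a clean download.
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = os.path.join(tmp, "site"), os.path.join(tmp, "clean")
        for root in (site, clean):
            os.makedirs(os.path.join(root, "wp-admin", "css"))
            with open(os.path.join(root, "wp-admin", "css", "about.css"), "w") as f:
                f.write("body{}")
        os.makedirs(os.path.join(site, "wp-admin", "css", "css"))
        with open(os.path.join(site, "wp-admin", "css", "css", "index.php"), "w") as f:
            f.write("<?php /* constructed placeholder */")
        return audit_core(site, clean)


if __name__ == "__main__":
    print(demo())
```

Files reported as added are the ones an update leaves behind, such as the planted index.php files; files reported as modified are core files whose contents no longer match the official package.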
Also, close the vulnerabilities that gave the attackers the entry point they used to install this malware.
Reference: 5 Free WordPress Security Measures