WordPress is a CMS that is widely used around the world, and as a result, it can become a spam springboard or fall victim to tampering. There are various causes for this, such as not updating old WordPress, not updating plug-ins, and weak passwords, but here we would like to briefly introduce some of the measures we take when a site is a stepping stone for spam.
2000px-Botnet.svg

Check for malware infection

WordPress is currently being used as a stepping stone for secondary damage by malware (programs created with the intent to perform illegal and harmful actions) that is embedded in the WordPress code and remotely redirected to other sites, links to a large number of other sites, banners, and so on. This method is used as a stepping stone for secondary damage.
Sucuri SiteCheck can check for the presence of this malware.
sucuri
Enter the URL of the site you want to check and click “Scan Website”.
sucuri2
The results of the scan will be displayed.

Back up the site and make it work in the local environment

If your site is infected, first make backups of both the WordPress files and the database.
The entire site can be backed up using FTP software, and the database can be backed up using phpMyadmin or a WordPress plugin.
Also, to make sure the site works in your local environment, move the site to an environment where apache, mysql, and PHP are installed and working.

Clean installation of WordPress and plug-ins

Download the WordPress main unit from the official site and replace everything except the wp-content folder of the infected site. (Move only wp-content/upload and wp-content/theme to a completely new set of WordPress files, as tampered files may have been generated.)
Also, download all installed plugins for the infected site again and put them in the wp-content/plugin folder

Scan the theme and upload folders for tampering

Now the only folders that may be infected are the theme folder and the upload folder. The most reliable way to detect theme tampering is to re-download the current theme and detect the differences between the theme files and those of the infected site. WordPress Doctor uses a tool to detect differences in theme files.
スクリーンショット 2016-02-02 11.52.06
*Example of tampering found
In addition, visually check the upload folder for all files except for images and pdf files, and delete any strange files.

Install security plug-ins and set appropriate permissions

Finally, install security plug-ins and set appropriate permissions on the WordPress folders to prevent them from being rewritten.

We recommend the following security plug-ins
All In One WP Security & Firewall

all-in-one-wp-secutiry-firewall-1-dashboard

However, since the settings are diverse and difficult, the following plug-ins are also recommended if you wish to do it yourself.
SiteGuard

Finally, once you have verified that WordPress is working in your local environment, you can move it to the production environment!