How do I get rid of this persisting redirect virus on my WordPress website?
So I am running two identical WordPress websites that only differ in language:
They are two separate installations of WordPress, but almost identical, since only change is language.
Some time ago I got a redirect virus on first English website (main site). It changes wp_posts to inject malware code that redirects website to advertising sites.
Code looks like this:
It inserts in all wp_posts database entries and also wp_options website url gets changed automatically to malware site.
I always clean these with a MySQL command that goes through all entries and removes it. It is always different, sometimes it is obfuscated eval code. Also, a new wordpress admit gets created each time. This attack happens once every few weeks or so.
I tried deleting pretty much all plugins and deleting any files I could find on server, htaccess, everything, but nothing helped.
Then finally, since int.website.com (second website) has no virus I just deleted main website and copied its file contents entirely and assigned it the first websites database.
I thought this would be the fix, since the files are “clean” as second site has no virus redirecting it.
But the virus appeared AGAIN!
So question is: what do I do now?
Can the virus be sitting in the mysql database?
If yess, where? I tried looking for it by searching whole database for http entries, but could not find anything. I even had a web dev look through files and he also could not find anything.
I have 3 more websites running on this server, also wordpress and they are all fine. It is sonly this one website that is affected.
I really could use help with this.