I have a hacker message when I open my site in google

http://www.alstrays.com has a Hacker Message when you google it. Appears to be a few files uploaded into wp-images.php which I need help removing.
Access details are in chat.

  • Chris
    • New Recruit

    Removing the wp-images.php folder hasn't resolved this.

    I requested a review by Google and they emailed this morning saying site appears to be hacked and listed the wp-images.php files again.

    Looked on server via FTP and there is a wp-images.php folder there, so either wasn't removed, removed wrong one, or it has regenerated somehow.

    Reading the details on Google I am pretty sure resolving this will be more than just removing a folder?

  • Ash
    • WordPress Hacker

    Hello Chris

    Sorry for the delay on your thread :slight_frown:

    The wrong file was not deleted, it has been recreated. In that case, it seems the hacker left a script in your site, somewhere and that script is generating the file if the file doesn't exist.

    This is difficult to say without scanning exactly where the culprit script is. You can download the files and scan with a good malware scanner. But the better option would be to use a professional service like SiteLock: https://www.sitelock.com/

    Because, if you download all files, delete everything from server and upload again and if the script remains within your files, then it will happen again. Once everything is fixed, use a good security plugin like Defender or WordFence or iThemes security.

    Hope it helps! Please feel free to ask more questions if you have any.

    Have a nice day!


Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.