How to find and delete backdoor PHP/ccqqji.

Hi, angelwp. If I had to spend all day Sunday wading through this forum, reading my stuff, I’d definitively have a ?? too. No one deserves that. I’m really sorry. Let’s see if we can’t help you get this worked out.

Could you please tell us what sort of hosting you have, ie, shared, VPS, or dedicated? Are you using Windows or Linux?

I suspect this is what we might be dealing with:
https://pluginproblems.info/layerslider-xss-sql-injection-vulnerability/

Obviously, we’ve got to clear the backdoor first or installing the update will have no effect.

Is Wordfence installed on your site at this point?

You’ve folowed instructions incredibly well, & that makes it a whole lot easier for the volunteers here to help you.

Your appreciativeness of our efforts here also goes an incredibly long way.

I can read Spanish, as mentioned in the topic to which you replied, though my writing & speaking leave much to be desired. I have a few friends on these forums, however, who are very fluent, & I’m sure they’d assist if English is difficult for you, though it doesn’t appear to be. Just let us know what you need, & we’ll do our very best to help.

Hang in. We’ll help you get this straightened out.

Hello jackie!!, wow! thanks for the really fast reply!!
i can talk spanish too or english, whatever fits you better
indeed i use layerslider in some of my websites, and i had this problem since a lot of months now, but it cease the last almost 4 months
hosting is shared, yes i have wordfence installed in the websites

actually wordfence is helping me monitorin the websites, wordfence detect this
Critical Problems:

* File appears to be malicious: wp-content/plugins/LayerSlider/helpers/khvulaty.php

i have already delete the script (for afraid, hehe), but is a hint, 4 months before was the same problem, every 2 days i have to be cleanin my websites of this kind of scripts or they take all my server down!

love this kind of communities, i hope i can be helping too, i already help people in social media groups but with basics, configurations or css stuff

Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.

angelwp, is this a multisite installation or just multiple single sites? We need to know that, as instructions will differ accordingly.

You’re more than welcome & indeed encouraged to help here. It’s especially important in the polyglot community, & you’d be a natural. &, if you ever ran into anything you need help with, just pm me on the WordPress Slack channel, & I’ll do what I can to assist. That way, you won’t feel you’re out there all by yourself. That can feel a little scary when you’re new. Before too long, you won’t need anyone. But when you’re just starting, it’s nice to know there’s someone around you can ping if you feel the need.

We meet on the Slack channel on Thursdays at 1600 UCT. You’re welcome to attend those meetings also. There are lots of nice folks there who can help you as well. It’s a great community, & I’ve met a lot of superb folks in the course of my involvement, yourself included.