How to Secure my Site From Hacked Content

Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

You use SSL certificate — “SSL” stands for secure sockets layer — which creates a secure encrypted connection between the web server and the web browser.

Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection.

• This reply was modified 6 years, 8 months ago by sumitwagh.

1)How the spam files are created. Is there any hackers are doing?

There are several ways an attacker is able to inject malicious code
a) via a vulnerability in your website code or plugin code.
b) via a vulnerability in the webserver itself

2) How to find the spam files?
There are a few tutorials on this forum to help you and a plethora of plugins that scan for malicious files.

3) How can i Secure my Sites from these spam folder?
This is not an easy question to answer. It will depend on how your website was attacked in the first place. This is something you will need to find yourself. If it were via a plugin then remove the plugin and contact the developer to report the vulnerability
If the attack came from exploiting the core WordPress code then merely overwriting it with the original code will not prevent the attack from repeating itself. You will need to report the exploit to WordPress developers.
If the attack came from exploiting the webserver itself then there is nothing you can do from a PHP code perspective to prevent these attacks happening again. Your webserver host has to fix the problem.

4) Is there any Secured option in wordpress for securing my site?
There are lots of plugins offering various levels of security. Few do this well unfortunately.

5) Because of spam files. Google Marked my page as a “the page may be hacked”.
Once you remove the malicious files, this warning will eventually go away.