I got the same issues in 2 sites….
There are 2 great plugins that you can use to detect the infection .. and figure out where it comes from to take action in this.. WordFence and Defender from Hummingbird. WorkFence not only scan your directory.. it shows you the URL that hacker use to attack your site so you can block this URL.. Usualy wp-login.php, xmlrpc.php, and URLs with these parameters “up_auto_log=”..
I’m was not expert in wp security, but I think that I know too much more than before… using those plugins.. Even Workfence compare the wrong files against WordPress website plugin database and give the option to repair it. What is very useful and save a lot of time. You must use one of those a time.. no, both.. Using this procedure, I finally could control the attack of the hackers..
Actually I can see now that my site receive several attacks every day but without successful… until now ?? .. Regards
