te_taipo

This may be related to the actual modem router you use at home rather than anything directly related to your website.

It is vital that you also identify how exactly malware was able to upload itself into your web repository, else it will just happen again.

As with any website attack you need to not only remove the malicious code as others have stated above, but you must also find *how* the attacker was able to inject the code/file in the first place.

Once you have detected the attack request, it will give you some clue as to what part of your website is vulnerable to such an attack.

If there is no evidence in the log files that disclose how an attacker was able to add, prepend, append code or files onto your site then you need to look at the webserver itself.

This is where it gets more difficult because most webhosts will not disclose that they have patched a vulnerable server, or admit that their servers are insecure. One way to tell is to google other websites on your server to see if they are also complaining of being attacked. If so then it may well be a server wide issue which you cannot fix yourself other than moving to a more secure webservice.

May have been restored by the Host. If so, this will not fix *how* the site was attacked in the first place, therefore it is still vulnerable for a repeat attack.

@katandmouse were you able to identify the problem file, and more importantly how it came to be on your website in the first place.

1)How the spam files are created. Is there any hackers are doing?

There are several ways an attacker is able to inject malicious code
a) via a vulnerability in your website code or plugin code.
b) via a vulnerability in the webserver itself

2) How to find the spam files?
There are a few tutorials on this forum to help you and a plethora of plugins that scan for malicious files.

3) How can i Secure my Sites from these spam folder?
This is not an easy question to answer. It will depend on how your website was attacked in the first place. This is something you will need to find yourself. If it were via a plugin then remove the plugin and contact the developer to report the vulnerability
If the attack came from exploiting the core WordPress code then merely overwriting it with the original code will not prevent the attack from repeating itself. You will need to report the exploit to WordPress developers.
If the attack came from exploiting the webserver itself then there is nothing you can do from a PHP code perspective to prevent these attacks happening again. Your webserver host has to fix the problem.

4) Is there any Secured option in wordpress for securing my site?
There are lots of plugins offering various levels of security. Few do this well unfortunately.

5) Because of spam files. Google Marked my page as a “the page may be hacked”.
Once you remove the malicious files, this warning will eventually go away.

What is more important is to identify how an attacker was able to upload malicious files/code into your wordpress file repository. This is how to prevent it happening again.

Scanning your files for malware code is not enough. You need to find out how an attacker was able to *upload* the malicious code in the first place, else it will just keep reoccurring.

Sometimes those web file scanners can give false reports. Once you have restored your website back to its working order, you will need to investigate if the file scanner plugin is reporting a false positive or not.

Your site is loading fine.

There are two methods attackers use to inject code into webpages, first is via faulty code within the web application itself, i.e in the core code or in a plugin, the other is at a server level intrusion or incorrect server settings.

If you have checked your website over using the above suggestions, then please come back and let us know. It is important for you to fix this, but also for us developers to address these issues if they can be addressed at a plugin level.

Let us know how it goes, if these measures prevented the uploading of malicious files.

There have been no reported cases of accidental lockouts. Closed

Once you have cleaned up your website, you will need to work out how these files were inserted into your website in the first place, and prevent a repeat, else there is a high chance this will happen again.

Version 1.8.0 resolves the issue where an admin could have their IP address banned, as well as adding a small notification email for high severity attack attempts.