The most common scenario is that the owner of a WordPress website doesn’t know that the website is infected. In most cases they learn about it from a hosting alert notification, or from Google when they try to run a campaign and Google responds with something like this: “Disapproved: Malicious or unwanted software”
Malicious or unwanted software: To help ensure the safety and security of our users, we’ve disapproved your ad because it contains malicious software (malware) or because your landing page is known to host or distribute malware in violation of our policies. We strongly encourage you to investigate this issue immediately in order to protect yourself as well as your customers. To run your ad, follow these instructions to check your computer for malware, remove all malicious code from your ad and site, and submit your site and ads for review: https://support.google.com/adspolicy/answer/6020954#311
Google certainly won’t tell you the exact issue, or the malicious external links and file paths it found, in that message. You have to contact Google to get the details.
Google may then provide you with some external links or file paths. But don’t be too happy yet! You won’t be able to find those links or files on your website so easily by scanning the file system or database. Most plugins and custom scripts are not able to identify those links.
That doesn’t mean that those links are not identifiable! Only security experts who work on WordPress security can identify the root of the issue.
Just try to find them yourself, and if you can’t, tell us! We will do it for you 🙂
You can see the list of known malicious scripts and the injected/infected areas here. It may help you recognize a malicious script and the most common areas of injection/infection.
| Script | Injected in | Infected files/Backdoor | Date of Detection |
|---|---|---|---|
| script src=”https:// db.allyouwant.online/main.js”> | End of every post | Every .js file on their server is infected | 08.09.18 |
| script src=”//go.oclasrv.com/apu.php?zoneid=1694479 | wp-temp.php file | wp-temp.php file | 01.11.18 |
| script src=”//fortpush.com/ntfc.php?p=1694481 | wp-temp.php file | wp-temp.php file | 01.11.18 |
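One way to check a site against the table above, as an added example that is not code from this page: the function names, the sample files and the `zoneid=0` / `p=0` values are constructed for illustration. It matches only plain-text `src=` references to the listed hosts and the listed file name, so an encoded or obfuscated injection will not be reported.

```python
import re
import tempfile
from pathlib import Path

# Indicators copied from the table above; extend the tuples as new ones are found.
KNOWN_BAD_HOSTS = ("db.allyouwant.online", "go.oclasrv.com", "fortpush.com")
KNOWN_BAD_FILES = ("wp-temp.php",)
# src="..." with an http(s) or protocol-relative URL; tolerates a space after "//".
SRC_RE = re.compile(r"""src\s*=\s*["']?\s*(?:https?:)?//\s*([a-z0-9.-]+)""", re.I)

def bad_hosts_in(text):
    """Return the listed hosts that src= URLs point at (exact host or a subdomain)."""
    hits = set()
    for m in SRC_RE.finditer(text):
        host = m.group(1).lower().strip(".")
        hits.update(b for b in KNOWN_BAD_HOSTS if host == b or host.endswith("." + b))
    return sorted(hits)

def scan_tree(root):
    """Report listed file names and listed src hosts under a WordPress root."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in KNOWN_BAD_FILES:
            findings.append((rel, "listed file name"))
        if path.suffix.lower() in (".js", ".php", ".html"):
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(rel, "src host " + h) for h in bad_hosts_in(text)]
    return sorted(findings)

def scan_posts(rows):
    """rows: (post_id, post_content) pairs, e.g. exported from the posts table."""
    return [(pid, h) for pid, body in rows for h in bad_hosts_in(body)]

def demo():
    """Scan a constructed sample site and two constructed posts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "js" / "clean.js").write_text("console.log('ok');\n")
        (root / "js" / "menu.js").write_text(
            "document.write('<script src=\"https://db.allyouwant.online/main.js\"></script>');\n")
        (root / "wp-temp.php").write_text(
            "<?php echo '<script src=\"//go.oclasrv.com/apu.php?zoneid=0\"></script>';\n")
        files = scan_tree(root)
    posts = [(1, "<p>Hello</p>"),
             (2, "<p>Text</p><script src='//fortpush.com/ntfc.php?p=0'></script>")]
    return files, scan_posts(posts)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a copy of the site's document root and feed `scan_posts` the post bodies exported from the database, since the table lists both files and post content as injection points.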