Blog Folder Automatic Creation in Root Directory

WordPress doesn’t have a blog folder all pages and post are stored in the database. If a blog folder keeps appearing you should check with your hosting provider. You could have your permalink set in the setting->general-permalinks settings to include the /blog you can set the permalinks values. In the Settings->reading you can change the pages for your post and homepage. If you are having a physical folder appear it not part of WordPress. You could have a plugin creating it or malware. You might want to have your host provider look at it.

@govindvkumar The ‘blog’ folder is automatically created due to some malware. It may also have a ‘forum’ folder or something else that is not part of WordPress install.
I am dealing with this problem for months now. You may also find files with scrambled names (similar to 0jtcpann.php,7jimqxji.php, 7m7s6k6m.php, and so on). Or you may find an index.php file created arbitrarily inside your .well-known, cgi-bin or inside your uploads folders. See if you have any of that happening.
This is the most difficult malware I have dealt with so far. It came during a migration of the website.

@mrtom414 looks like some kind of malware. Thanks for pointing it out.

@muge Thanks for sharing. I am also seeing php files with names like 9x0dbzvu, z7mgbawv,… Yes, there is an index.php in cgi folder. Did you fix this issue on your website? If Yes, how did you do it? Will deleting these files help to solve this issue permanently? I delete the automatically created blog folder every time and it reappears after 2 days.

@mrtom414 Sorry, I am just seeing your question.
Yes, I succeeded getting rid of the malware after 3 months struggle as they kept re-appearing regardless of cleaning, re-installing wordpress, and using malware software, blockers, you name it.
I did a clean slate. I had about 40+ websites and some have time difference between North America and Europe. YET, I took them all down. Cleaned the websites and child-themes folder-by-folder AND file-by-file. The malware was getting in even into the wp-config.php file.

If mega companies can take their websites down (temporarily), so can I — that gave me some courage.
Started from the most important websites and put them back one-by-one. There was no other way. All WordPress and plugins were clean installed. Databases were not affected.

Just a little warning: when I say, take down the website, one has to be very strategic and careful.
I ftp’ed all I can from the website ‘as is’, except for WordPress and the plugins. You can’t use Duplicator plugin.
Cleaned the sites up ahead of time. Everybody had to stop working or adding stuff. When it came to ‘clean slate’, it was sudden.

It was crazy work. It worked though.
I also took hard preventive methods. Check WordPress securities on what to add to your htaccess files, use softwares. I like WP Cerber plugin. As to Admin access to WordPress, I added IP restrictions so only limited people can access, etc.
So far so good.

• This reply was modified 3 years, 5 months ago by Muge.
• This reply was modified 3 years, 5 months ago by Muge.