Keep getting infected? Look for wp-strongs.php & wp-stream.php

If your site keeps getting infected with malware after a recent cleanup, follow these instructions:

1. Follow this cleanup guide, and:

2. Make sure ALL your plugins are up to date, including:
Elementor Pro, 3.1.1 – 23 Feb 2021 –
The Plus Addons for Elementor Page Builder, 4.1.7 – 09 Mar 2021 –

3. Manually set ‘siteurl’ and ‘home’ via wp-config.php

define( 'WP_HOME', '' );
define( 'WP_SITEURL', '' );

4. Disable unauthorized users with administrator privileges.
Look for “wordpressai” and [email protected]

5. Look for wp-strongs.php & wp-stream.php files.
Also make sure index.php files are clean. Monitor wp_options table, notice if ‘siteurl’ value changes.

Malicious URLs:

Malicious plugins or files found:

Malicious users:
[email protected]

Attacker IPs noted:,,