WP File Manager exploit is no joke, I would remove it from all sites. Two of my sites got hit over the weekend. They messed with index.php files and added .htaccess files (too bad for them my config ignores .htaccess files unless I reload Apache). I knew this plugin had to be trouble, but I was using it out of convenience for situations I could not SSH into a site and needed to on the go. No more, if I need to edit something it can wait until I can edit securely from a computer with proper SSH credentials. Also, my WordFence did not catch this on these two sites. Not sure why, caught it on others. Indeeex.php and many other files came in. And they are keeping back. Do you have any solution ?
The affected sites I’m just going to roll back to a preview back up, but then the e-commerce site I’m going to get back up so the client can manage the orders than came it, then rebuild from a back up and then import the orders between then and now. If you have WP-CLI there is a command that will help with finding rogue files ‘wp core verify-checksums” .
if you’re still struggling, my web developer has just solve this for us. Our clients are on a shared IP plan so had to do all the sites but they are 100% clean now. Give me a shout if you can help you!
deploy your site on best web hosting ( review from reddit) for better security.