SEFCARD CLEAN PROJECT - 2026-07-14 ================================== This archive is a clean rebuild, not an in-place copy of the infected site. Included: - WordPress 7.0.1 from the official WordPress.org release package. - WooCommerce 10.9.4, Google for WooCommerce 3.7.3, Yoast SEO 28.0, WooPayments 10.9.0 and GTM4WP 1.22.3 from official WordPress.org packages. - Reviewed SEF custom plugins, the SEF custom theme, the legitimate MU plugin, site media, manifests and configuration needed to run the existing site. Removed: - Confirmed web shells, obfuscated loaders and PHP malware disguised as media. - Fake theme and malicious MU-plugin/cache payloads. - Attacker-created .htaccess files, runtime caches and sensitive debug logs. Hardening added: - Admin SSL enforcement and the WordPress dashboard file editor disabled. - PHP/PHTML/PHAR execution blocked in uploads. - Daily file-integrity and malware scans wired to the custom security plugin. - Core, MU plugins, uploads and critical root files added to integrity coverage. - Scanning for executable code hidden inside image/font files. Required immediately after deployment: 1. Replace the entire old web root; do not merge this over infected files. 2. Change hosting, SFTP/SSH, database and all WordPress administrator passwords. 3. Rotate WordPress authentication salts and invalidate all sessions. 4. Inspect WordPress administrators, cron jobs, database options/posts and hosting scheduled tasks. Remove anything not explicitly recognized. 5. Confirm file ownership/permissions (directories 755, files 644, wp-config.php 600 or 640 where supported), HTTPS and server-level WAF/backups. No database export is included in this project archive. Database compromise and server account compromise cannot be removed by replacing website files alone.