Recently we've encountered some malware JS on our website. The investigation showed that we had malicious code in our functions.php (which is in a folder invisible from the web!) and in our .htaccess files (one of which is also invisible from the web). No more malware was found.
The questions are: what to do next in order to stop this from happening? And the main question: how can it be that a file was modified or added in a folder invisible from the web if neither FTP logs nor last-modified dates show anything? One of the malicious .htaccess files says that it was added sometime in February; however, I do know that it was not there even this morning.
It's Linux shared hosting.
Thanks in advance for your help and attention.