Malicious .php files found on website - how do I remove them?

1 month ago
Our company got an email from google asking us to fix some mobile usability issues with our website. So I logged into the Google Search Console, only to find out that all of the website pages containing mobile usability issues are actually .php code that we definitely did not put on our website. Here's what it looks like, and there are 64 pages of these (and counting).


What do I do about this? How can I get rid of these?
1 month ago
You'll need FTP access to the server.  Immediately change passwords for all FTP, admin, any other accounts that have access.  Sort files by date created and start deleting .php files, then research virus/malware scanning options to ensure they didn't leave themselves "backdoor" access.  

Then check the logs to see who/when/how they were added.  If any other websites are running on the same server (like wordpress) you'll need to ensure they are secured as well.