My custom-built PHP site keeps getting compromised: attackers drop their own Google site-verification files and overwrite pages so they can control Search Console, inject fake snippets and even clone product content. As soon as I unblock access in .htaccess the same files reappear, which tells me a backdoor is still live somewhere on the server. I currently reach the server only through FTP, so you’ll need to be comfortable hunting malware and hidden shells without full SSH. A full forensic sweep of the codebase, file system and any configuration pockets where a persistent script could live is essential. Once you locate the entry point I’ll need every malicious trace removed, the vulnerability patched, and practical hardening steps applied (updated .htaccess rules, permission tightening, fresh salts, etc.). Deliverables: • Complete removal of injected verification files, rogue scripts and altered page code • Written root-cause report explaining how the breach occurred and what was fixed • Hardened configuration so the intrusion cannot recur under normal operation • Final security checklist I can follow for ongoing maintenance Tools such as Maldet, ClamAV, grep, diff or your preferred PHP-aware scanners are all welcome as long as the end result is a clean, secure site and clear documentation. I’m ready to give you immediate FTP credentials and will stay available for any follow-up questions while you work.